This is what I've received recently:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FB
REPBOT%2EA&VSect=T

My F-Prot and Trend Micro do detect it.  When I submit the executable
inside the payload to http://virusscan.jotti.org or
http://www.virustotal.com I get these results:

AntiVir 6.35.0.13       06.16.2006      Worm/SdBot.32768.26
Authentium      4.93.8  06.16.2006      W32/Brepibot.gen
Avast   4.7.844.0       06.15.2006      no virus found
AVG     386     06.16.2006      IRC/BackDoor.SdBot2.EDN
BitDefender     7.2     06.16.2006      Backdoor.IRCbot.JD
CAT-QuickHeal   8.00    06.16.2006      no virus found
ClamAV  devel-20060426  06.16.2006      Trojan.IRCBot-638
DrWeb   4.33    06.16.2006      BackDoor.IRC.Boxer
eTrust-InoculateIT      23.72.40        06.16.2006      no virus found
eTrust-Vet      12.6.2259       06.16.2006      no virus found
Ewido   3.5     06.16.2006      no virus found
Fortinet        2.77.0.0        06.16.2006      W32/Brepibot.AS!tr
F-Prot  3.16f   06.16.2006      W32/Brepibot.gen
Ikarus  0.2.65.0        06.16.2006      photo3.exe
Kaspersky       4.0.2.24        06.16.2006
Backdoor.Win32.Breplibot.ai
McAfee  4786    06.16.2006      W32/Brepibot.gen
Microsoft       1.1441  06.16.2006      no virus found
NOD32v2 1.1605  06.16.2006      Win32/IRCBot.PH
Norman  5.90.21 06.16.2006      W32/Malware
Panda   9.0.0.4 06.16.2006      Suspicious file
Sophos  4.06.0  06.16.2006      Troj/Stinx-W
Symantec        8.0     06.16.2006      Backdoor.Naninf.E
TheHacker       5.9.8.160       06.16.2006      no virus found 


Andrew 8)




> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Colbeck, Andrew
> Sent: Friday, June 16, 2006 2:21 PM
> To: declude.virus@declude.com
> Subject: RE: [Declude.Virus] new virus
> 
> It might be this, if my F-Prot is more up to date than yours, 
> as mine has identified a few zip files with a plus sign in 
> the name as W32/Brepibot.gen
> 
> http://www.f-secure.com/weblog/archives/archive-062006.html#00000902
> 
> The fake HELO names were CNN.com and TradersWorld.com if 
> that's any use.
> 
> Andrew 8)
> 
>  
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
> > Ncl Admin
> > Sent: Friday, June 16, 2006 2:03 PM
> > To: declude.virus@declude.com
> > Subject: Re: [Declude.Virus] new virus
> > 
> > Yes,
> > 
> > 04dotzip just came through here but McAfee stopped it. But 
> F-prot not 
> > getting it.
> > 
> > At 04:30 PM 6/16/2006 -0400, you wrote: 
> > >>>>
> > Is anyone else seeing new virus zip files getting past F-Prot?
> > the last one was just numbers.zip
> > Earlier a few came through with name.zip
> >   
> > Bruce Loughlin
> >   
> > ---
> > This E-mail came from the Declude.Virus mailing list. To 
> unsubscribe, 
> > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe 
> > Declude.Virus". The archives can be found at 
> > http://www.mail-archive.com.
> > <<<<
> > 
> > 
> > 
> > 
> > ---
> > This E-mail came from the Declude.Virus mailing list.  To 
> unsubscribe, 
> > just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.Virus".    The archives can be found
> > at http://www.mail-archive.com.
> > 
> > 
> 
> 
> ---
> This E-mail came from the Declude.Virus mailing list.  To 
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".    The archives can be found
> at http://www.mail-archive.com.
> 
> 


---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

Reply via email to