This is what I've received recently: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FB REPBOT%2EA&VSect=T
My F-Prot and Trend Micro do detect it. When I submit the executable inside the payload to http://virusscan.jotti.org or http://www.virustotal.com I get these results: AntiVir 6.35.0.13 06.16.2006 Worm/SdBot.32768.26 Authentium 4.93.8 06.16.2006 W32/Brepibot.gen Avast 4.7.844.0 06.15.2006 no virus found AVG 386 06.16.2006 IRC/BackDoor.SdBot2.EDN BitDefender 7.2 06.16.2006 Backdoor.IRCbot.JD CAT-QuickHeal 8.00 06.16.2006 no virus found ClamAV devel-20060426 06.16.2006 Trojan.IRCBot-638 DrWeb 4.33 06.16.2006 BackDoor.IRC.Boxer eTrust-InoculateIT 23.72.40 06.16.2006 no virus found eTrust-Vet 12.6.2259 06.16.2006 no virus found Ewido 3.5 06.16.2006 no virus found Fortinet 2.77.0.0 06.16.2006 W32/Brepibot.AS!tr F-Prot 3.16f 06.16.2006 W32/Brepibot.gen Ikarus 0.2.65.0 06.16.2006 photo3.exe Kaspersky 4.0.2.24 06.16.2006 Backdoor.Win32.Breplibot.ai McAfee 4786 06.16.2006 W32/Brepibot.gen Microsoft 1.1441 06.16.2006 no virus found NOD32v2 1.1605 06.16.2006 Win32/IRCBot.PH Norman 5.90.21 06.16.2006 W32/Malware Panda 9.0.0.4 06.16.2006 Suspicious file Sophos 4.06.0 06.16.2006 Troj/Stinx-W Symantec 8.0 06.16.2006 Backdoor.Naninf.E TheHacker 5.9.8.160 06.16.2006 no virus found Andrew 8) > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Colbeck, Andrew > Sent: Friday, June 16, 2006 2:21 PM > To: declude.virus@declude.com > Subject: RE: [Declude.Virus] new virus > > It might be this, if my F-Prot is more up to date than yours, > as mine has identified a few zip files with a plus sign in > the name as W32/Brepibot.gen > > http://www.f-secure.com/weblog/archives/archive-062006.html#00000902 > > The fake HELO names were CNN.com and TradersWorld.com if > that's any use. > > Andrew 8) > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Ncl Admin > > Sent: Friday, June 16, 2006 2:03 PM > > To: declude.virus@declude.com > > Subject: Re: [Declude.Virus] new virus > > > > Yes, > > > > 04dotzip just came through here but McAfee stopped it. But > F-prot not > > getting it. > > > > At 04:30 PM 6/16/2006 -0400, you wrote: > > >>>> > > Is anyone else seeing new virus zip files getting past F-Prot? > > the last one was just numbers.zip > > Earlier a few came through with name.zip > > > > Bruce Loughlin > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > > Declude.Virus". The archives can be found at > > http://www.mail-archive.com. > > <<<< > > > > > > > > > > --- > > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, > > just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.Virus". The archives can be found > > at http://www.mail-archive.com. > > > > > > > --- > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. > > --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.