Discovered: July 16, 2003
Updated: February 13, 2007 12:03:55 PM
Also Known As: Downloader-DI [McAfee], TrojanProxy.Win32.Webber.10 [K, Troj/Webber-A [Sophos], Trojan.Download.Berbew
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Downloader.Berbew is a Trojan Horse that attempts to download
Backdoor.Berbew from the Internet and execute it on the local system. This Trojan was spammed to a large number of individuals in an email message claiming to be from Citibank Accounting or E-Loan.com.
Downloader.Berbew typically arrives as an attachment with a .pif extension, such as:
- web.da.us.citi.heloc.pif
- wellsfargo.biz.jsessionid.pif
- www.citybankhomeloan.htm.pif
- E-Loan-Appraiser-Results.pif
- www.usbank.com.stats.personals.balance.pif.pif
- www.fdic.com.fraud.security.pif.zip (This is a password protected zip file.)
Note:
- Detections for this threat were updated on April 7, 2004 to account for the discovery of a minor variant.
- Virus definitions dated June 6, 2006 or earlier may detect this threat as Trojan.Download.Berbew.
Protection
-
Initial Rapid Release version July 16, 2003
-
Latest Rapid Release version March 3, 2008 revision 035
-
Initial Daily Certified version July 16, 2003
-
Latest Daily Certified version March 3, 2008 revision 037
-
Initial Weekly Certified release date July 16, 2003
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: 50 - 999
-
Number of Sites: More than 10
-
Geographical Distribution: Low
-
Threat Containment: Easy
-
Removal: Easy
Damage
Distribution
Writeup By: Sergei Shevchenko
