1. /
  2. Security Response/
  3. Downloader.Berbew


Risk Level 1: Very Low

July 16, 2003
February 13, 2007 12:03:55 PM
Also Known As:
Downloader-DI [McAfee], TrojanProxy.Win32.Webber.10 [K, Troj/Webber-A [Sophos], Trojan.Download.Berbew
Trojan Horse
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Downloader.Berbew is a Trojan Horse that attempts to download Backdoor.Berbew from the Internet and execute it on the local system. This Trojan was spammed to a large number of individuals in an email message claiming to be from Citibank Accounting or E-Loan.com.

Downloader.Berbew typically arrives as an attachment with a .pif extension, such as:
  • web.da.us.citi.heloc.pif
  • wellsfargo.biz.jsessionid.pif
  • www.citybankhomeloan.htm.pif
  • E-Loan-Appraiser-Results.pif
  • www.usbank.com.stats.personals.balance.pif.pif
  • www.fdic.com.fraud.security.pif.zip (This is a password protected zip file.)

  • Detections for this threat were updated on April 7, 2004 to account for the discovery of a minor variant.
  • Virus definitions dated June 6, 2006 or earlier may detect this threat as Trojan.Download.Berbew.

Antivirus Protection Dates

  • Initial Rapid Release version July 16, 2003
  • Latest Rapid Release version February 4, 2015 revision 007
  • Initial Daily Certified version July 16, 2003
  • Latest Daily Certified version February 4, 2015 revision 017
  • Initial Weekly Certified release date July 16, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Sergei Shevchenko

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report