1. Symantec/
  2. Security Response/
  3. Downloader.Berbew


Risk Level 1: Very Low

July 16, 2003
February 13, 2007 12:03:55 PM
Also Known As:
Downloader-DI [McAfee], TrojanProxy.Win32.Webber.10 [K, Troj/Webber-A [Sophos], Trojan.Download.Berbew
Trojan Horse
Systems Affected:

Downloader.Berbew is a Trojan Horse that attempts to download Backdoor.Berbew from the Internet and execute it on the local system. This Trojan was spammed to a large number of individuals in an email message claiming to be from Citibank Accounting or E-Loan.com.

Downloader.Berbew typically arrives as an attachment with a .pif extension, such as:
  • web.da.us.citi.heloc.pif
  • wellsfargo.biz.jsessionid.pif
  • www.citybankhomeloan.htm.pif
  • E-Loan-Appraiser-Results.pif
  • www.usbank.com.stats.personals.balance.pif.pif
  • www.fdic.com.fraud.security.pif.zip (This is a password protected zip file.)

  • Detections for this threat were updated on April 7, 2004 to account for the discovery of a minor variant.
  • Virus definitions dated June 6, 2006 or earlier may detect this threat as Trojan.Download.Berbew.

Antivirus Protection Dates

  • Initial Rapid Release version July 16, 2003
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version July 16, 2003
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date July 16, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Sergei Shevchenko

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube