Educause Security Discussion mailing list archives
Brepibot and variants
From: Steve Brukbacher <sab2 () UWM EDU>
Date: Mon, 30 Jan 2006 11:11:09 -0600
Hello, Just wanted to make people aware of this: http://isc.sans.org/diary.php?storyid=1075 It appears this virus was especially targeted at universities: We've seen some activity of this on our campus network both Friday and Today. The one we got Friday was W32/Brepibot.gen. Our campus announcement about this is here: https://www3.uwm.edu/imt/security/alerts/news_details.cfm?item_id=761 McAfee 4684 caught this as did CLAM AV. From our testing this only seemed to work on Server 2003. Couldn't get it to run on an XP box. Note sample message bodies below my sig. No infections yet that we're aware of. -- Steve Brukbacher University of Wisconsin Milwaukee Information Security Coordinator UWM Computer Security Web Site www.security.uwm.edu Phone: 414.229.2224 "Hello, We are planning to include you in the new campus magazine in an article titled "Campus Life". Can you approve the photo and article for +us before we go to printing please? If any details are wrong then we can amend before printing on Wednesday the 1st of February so please get back to us as soon as possible. +We have attached the photo and article. Many Thanks & Best Regards, Joseph Hope Editor" "Hello, During the early morning of January 25 2006, a campus student was the victim of a horrific sexual assault within college grounds. +Eyewitnesses report a tall black man in grey pants running away from the scene. Campus CCTV has caught this man on camera and are +looking for ways to identify him. If anyone recognises the attached picture could they inform administraion immediatly Regards, Robert Atkins Campus Administration" One attachment was an .exe and the other was a zipped attachment containing an .exe
Current thread:
- Brepibot and variants Steve Brukbacher (Jan 30)