The Drupal security team receives reports of all sorts all the time.
Some of them are false positives by security scanning software.
Today we got a report about a Trojan being detected in Drupal 6.10 and 6.13 by TrendMicro OfficeScan version 10, in the following files:
modules/color/color.install - BQDR_IRCBOT.BZQ modules/profile/profile-wrapper.tpl.php - TROJ_SWIZZOR.KXV modules/translation/translation.module - TROJ_FRAUDLO.LL
These files are plain text and valid PHP files.
Long time security team member Bart Jansens was able to verify that indeed the same software does generate those false positives.
Other visitors to Drupal.org have also reported the same issue. One of them has notified TrendMicro of the issue.
We hope that TrendMicro soon issues an update that fixes this false positive.