Re: Worm.Cjdr.A and B questions

[Nick FitzGerald <nick () virus-l demon co uk>]

"Brandon" <brandon () northstar k12 ak us> wrote:

> Hello all. This is my first post, so be kind. I have been watching our mail 
> servers virus logs and have seen at least 100 Worm.Cjdr.A and .B cleaned 
> infections. These all appear in a file named p_usb.zip and have never been 
> seen on our mail server up until today. I have searched the major antivirus 
> vendors for information as to what kind of actions and other evil deeds the 
> worm carries out, only to find nothing. I have also searched the standards 
> like google and some of the hacker sites and chat rooms, but nothing. Any 
> information would be appreciated.

What virus scanenr do use?  As naming consistency between scanenrs is 
all but non-existant, not telling us your scanner is less than 
useful... 

That said, I'd hazard there is a fair chance that you have seen what 
many other scanners call "Inor" (and a couple "Suzer") or something 
most scanenrs call "Cidra".

As a new VGrep database has just been released, now would be the ideal 
time to check such things:

   http://www.virusbtn.com/resources/vgrep/index.xml


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html