Full Disclosure mailing list archives
Re: Worm.Cjdr.A and B questions
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 11 Mar 2004 21:38:20 +1300
"Brandon" <brandon () northstar k12 ak us> wrote:
Hello all. This is my first post, so be kind. I have been watching our mail servers virus logs and have seen at least 100 Worm.Cjdr.A and .B cleaned infections. These all appear in a file named p_usb.zip and have never been seen on our mail server up until today. I have searched the major antivirus vendors for information as to what kind of actions and other evil deeds the worm carries out, only to find nothing. I have also searched the standards like google and some of the hacker sites and chat rooms, but nothing. Any information would be appreciated.
What virus scanenr do use? As naming consistency between scanenrs is all but non-existant, not telling us your scanner is less than useful... That said, I'd hazard there is a fair chance that you have seen what many other scanners call "Inor" (and a couple "Suzer") or something most scanenrs call "Cidra". As a new VGrep database has just been released, now would be the ideal time to check such things: http://www.virusbtn.com/resources/vgrep/index.xml -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Worm.Cjdr.A and B questions Brandon (Mar 10)
- Re: Worm.Cjdr.A and B questions Jarkko Turkulainen (Mar 10)
- Re: Worm.Cjdr.A and B questions Nick FitzGerald (Mar 11)