[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Worm.Cjdr.A and B questions

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Worm.Cjdr.A and B questions
From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Mar 2004 21:38:20 +1300

"Brandon" <brandon@xxxxxxxxxxxxxxxxxxx> wrote:

> Hello all. This is my first post, so be kind. I have been watching our mail 
> servers virus logs and have seen at least 100 Worm.Cjdr.A and .B cleaned 
> infections. These all appear in a file named p_usb.zip and have never been 
> seen on our mail server up until today. I have searched the major antivirus 
> vendors for information as to what kind of actions and other evil deeds the 
> worm carries out, only to find nothing. I have also searched the standards 
> like google and some of the hacker sites and chat rooms, but nothing. Any 
> information would be appreciated.

What virus scanenr do use?  As naming consistency between scanenrs is 
all but non-existant, not telling us your scanner is less than 
useful... 

That said, I'd hazard there is a fair chance that you have seen what 
many other scanners call "Inor" (and a couple "Suzer") or something 
most scanenrs call "Cidra".

As a new VGrep database has just been released, now would be the ideal 
time to check such things:

   http://www.virusbtn.com/resources/vgrep/index.xml

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Worm.Cjdr.A and B questions
  - From: Brandon

Prev by Date: Re: [Full-Disclosure] Caching a sniffer
Next by Date: RE: [Full-Disclosure] Comcast using IPS to protect the Internetfrom their home user clients?
Previous by thread: Re: [Full-Disclosure] Worm.Cjdr.A and B questions
Next by thread: [Full-Disclosure] Searching chroot-like jail for Windows
Index(es):
- Date
- Thread