Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-Disclosure] Worm.Cjdr.A and B questions
From: Nick FitzGerald (nickvirus-l.demon.co.uk)
Date: Thu Mar 11 2004 - 02:38:20 CST
"Brandon" <brandonnorthstar.k12.ak.us> wrote:
> Hello all. This is my first post, so be kind. I have been watching our mail
> servers virus logs and have seen at least 100 Worm.Cjdr.A and .B cleaned
> infections. These all appear in a file named p_usb.zip and have never been
> seen on our mail server up until today. I have searched the major antivirus
> vendors for information as to what kind of actions and other evil deeds the
> worm carries out, only to find nothing. I have also searched the standards
> like google and some of the hacker sites and chat rooms, but nothing. Any
> information would be appreciated.
What virus scanenr do use? As naming consistency between scanenrs is
all but non-existant, not telling us your scanner is less than
That said, I'd hazard there is a fair chance that you have seen what
many other scanners call "Inor" (and a couple "Suzer") or something
most scanenrs call "Cidra".
As a new VGrep database has just been released, now would be the ideal
time to check such things:
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Full-Disclosure - We believe in it.