Pantek Library

RE: New virus outbreak?

From: Danny <Danny(at)drexel.edu>
Date: Fri Mar 07 2003 - 19:44:07 EST

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

|->BackDoor-JZ is not a virus but a remote access Trojan (RAT). It does
|->not replicate by itself (if it did, it would be called a virus, or by
|->some, a worm, depending on the replication method).
|->
|->But, BackDoor-JZ is a single file malware so it seems you have a
|->little more than just BackDoor-JZ...
|->

You're right, sorry about that, and I see your point. BTW, I did not mean to sound like an alarmist with the subject; there was supposed to be a "?" on there.

|->> > cbnegs.exe

From what I'm told, this is an assemblage of the names of a few victims. Again, I'm sorry I don't have access to the infected hosts, so I don't have first-hand knowledge of how this beasty makes the host react. But I'm trying to get access to an infected host.

|->> The virus appears to infect Windows hosts regardless of the OS

That is my 1st thought as well, I just haven't been able to confirm it yet.

|->> Has anyone seen anything like this? Or recognize the signature

I only say mis-detects it since, even when the McAfee AV scanner tells the admin the system has been cleaned, it is reinfected after a reboot. I've asked them to try scanning in safe mode, but as of yet have not heard if this has changed the reinfection situation.

|->
|-> Command Software <virus@commandcom.com>

As soon as I get a copy of the files I'll fire them off to all the vendors who have asked for a copy as well as those listed here.

Thanks again Nick,

Cheers

Danny

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPmk9oGb1zPz07fHgEQLnCwCfU+KFsroq7HXI+s9yNRG82mczeiQAnAvP BbukUGt0MHtlMIL8q0Hk1iSd
=p0Dl
-----END PGP SIGNATURE-----


Received on Mon Mar 10 12:18:59 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:59 EDT

