Johannes B. Ullrich jullrich at sans.org
Thu Jan 22 03:17:42 GMT 2004

This is a classic virus HOAX. The message is the virus ;-).
Do not delete this file, you may render your system useless.

However, this brings home an important point: Don't trust
some random guy on a mailing list (no no... trust me...
just not the other guys).

General rules:

- verify virus mails like this with a major AV vendor.
- do a quick Google search on key words (like jdbg.exe).
- check with the source.
- If you are in charge of IT in a company, make sure users
  will not forward virus warnings. They should only go to you
  and you should be the only 'trusted' source for warnings like 

> Hi people - I just found out that I received a virus that is automatically
> passed to everyone in my address book. Since you are in my address book, you
> will probably find it in your computer too. The virus is called jdbg.exe and
> is not detected by Norton or McAfee anti-virus systems. The virus sits
> quietly for 14 days before damaging your system. It is sent automatically by
> 'messenger' using your address book whether you sent it to your contacts or
> not. Here is how to check for the virus and how to get rid of it.

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040121/2bf33e12/attachment.bin

More information about the list mailing list