The Sircam Virus/Worm
Last updated: 9/5/01
Worm Still a Serious Threat. The problem is that
so many average Joes continue to spread the infectious code because they
haven't updated their antivirus software. I
still get many SirCam infected messages...
Worm Determined to Stick Around
7/28 (updated) The Sircam
Virus/Worm is for Real! This is a nasty
virus that is spreading all over the Internet and can destroy your data. My
inbox continues to receive infected mail and many repeated mailings from
people who probably do not realize the messages are being sent and do not
know that the virus is randomly choosing files from their computer and
sending them to the world. I have tried to contact the originators
of these messages, but many have full mailboxes or invalid E-Mail addresses. I
have tried to trace the E-Mail from those people and to contact their ISPs,
but have not been successful in all cases. Please update your
anti-virus program and scan your mailbox! The most recent McAfee,
which I use, works well. Some versions of Norton have
problems and need another update, which I understand is now available. Click here for
Have Not Seen the Last of SirCam. Antivirus experts expect the
SirCam virus to take a breather over the weekend, but it may pick up
new steam as vacationing Europeans return to work Monday.
Virus Eludes Symantec Anti-virus Scanning Update. "The
uniqueness of Sircam is something we haven't seen before -- it supplies
its own SMTP server." said Miller. "It doesn't use the existing
SMTP infrastructure, so it eluded some of our detections." More here.
Virus Removal Tool. Deletes the files infected with the
Sircam worm and removes the changes that were made to a computer by the
to Protect Your PC From the SirCam Worm
Fails to Block SirCam Worm
Worm Snatches FBI Documents. A cybercrime researcher
at the FBI slipped up while handling a virulent Internet worm, allowing
it to e-mail official documents to outsiders. An added twist with
this particular worm is that it sends a random file from the infected
computer's hard drive, which means the worm could potentially send confidential
business data or embarrassing personal information along with itself.
7/24 (updated) The Sircam
Virus/Worm is for Real! So far, I have
received over 20 messages with the virus and have lost count. The
text of the message propagating the worm as an attachment contains:
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
The text may be in Spanish (see below). This is a
nasty virus that can destroy your data. Do not open the attachment. Symantec has
more info and instructions for getting rid of it.
For Apple users... E-Mail from tidbits.com
"Larry's right - this one is a nasty one for PC users
affect Macs, other than to be annoying with all the downloads). We've tried
to block some of the attachments at the mail server, but it's fairly
likely that you'll get a few of these. The text of the message
may also be in Spanish. From what we've seen, they tend to have two filename
extensions, like .doc.pif or .xls.com. The second one is designed to make the
file executable. The best thing to do is just delete the messages and their
attachments, but see the page Larry references for full details.
Clogs Mailboxes, Spreads Secrets. The SirCam
worm continued to gain momentum, carrying with it the potential to slow
servers and send company secrets. SirCam sends a random file
from the infected computer, potentially sending confidential business
data or embarrassing personal information along with the virus... memos,
resumes, job listings, credit card numbers...The subject line matches
the name of the file being sent...
worm spreading; vendor warnings upgraded