LOOKOUT!- SIRCAM is on the loose!

[Mactruck]

I recieved an E-mail from a TDR member with an attachment that infected my computer w/ SIRCAM. If you recieve any emails from anyone you know with an attachment, DON'T OPEN IT!



I recieved an email from Cummins that said I sent them a folder with a virus. I did not send them anything. This is a result of that email.



Update your software so we can be rid of this Virus!



If you are sending messages with attachments let them know prior to sending the attachment. Or it may be erased without it being read. If you are recieve an attachment without prior notification ERASE IT!

 

[KatDiesel]

SirCam is both a worm and a virus, replicating itself as a worm does and performing virus-like malicious acts. Fortunately, in most cases, the damage has been limited to simple annoyance caused by the barrage of e-mails bearing the virus-laden attachments, WiredNews says.



SirCam is believed to have been written by a coder in Mexico. The text of the e-mail, which carries SirCam in its attachment, comes in both English and Spanish.



Spanish Version:

Te mando este archivo para que me des tu punto de vista

Espero me puedas ayudar con el archivo que te mando

Espero te guste este archivo que te mando

Este es el archivo con la informacion que me pediste

or

English Version:

I send you this file in order to have your advice (this is the one I recieved)

I hope you can help me with this file that I send

I hope you like the file that I send to you

This is the file with the information that you ask for



I still have a it unopened. I figured it was something odd... . so i never opened it. It was sent to me by a name I recognized... ... so i replied back stating I thought there was a virus present. So far only one I have recieved.

 

[Steve St.Laurent]

I've received about 50 of them from about 20 different people. I just keep deleting them.



-Steve

 

[Doc Tinker]

Does this worm work only by opening the attachment, or does it work in html coded email too?



I'd recommend that we all start using Plain Text email, to help ward off worms that are carried through htlm, too.



Doc

 

[Barry]

I have had that sucker sent to me 3 times by some woman I don't know. I just zapped it into never, never land. I have also had my internet carrier send me an email that they had trapped a few before it got to me. Wonder if my virus net has a hole in it???

 

[John_Barks]

W32/Sircam@mm.worm

Its' kinda funny, as I was reading this thread I recieved an email from someone I do not know. The email said



Hi! How are you?



I send you this file in order to have your advice



See you later. Thanks



The attachment was called. "PRIVATE STOCK FABRICK LIST. xls. pif"

The name dosent matter as it is different every time but the extention is what makes it dangerous as this one was sent as a . pif which is executible.

 

[EMDDIESEL]

I have been getting alot of similar emails too. The computers at work were FLOODED with them

 

[ACoyle]

http://www.cert.org/advisories/CA-2001-22.html



The URL above will takt you to the cert site. They are an organization that gets serious about things like this.



I have been fighting SirCam all week and over the wekend. It not only spreads by email, but as you will see on URL I refered to, it looks for a network and spreads to other computers on the net without benefot of email. Before we learned this we were scrubing stations only to have it go behind us to where we just had been. The file deletion payload does nto trigger till October. The removal tools are pretty good. We use Norton's.



Andy

 

[danandamy]

help the barley 'puter literate

Does a firewall give you any protection from this kind of stuff? I have ZoneAlarm and it's always alerting me to scan attempts while I'm on the internet but have thankfully escaped the virus thing. By the way, you guys on here were the ones who turned me on to the firewall, thanks.

 

[admin2]

No...

No, a firewall does not protect against viruses. It protects against port probing and services connections that people use to find back-doors into your system.



Ken

TDR Admin