Article 2: TalkBiz News                       

Virus Alert Issue                     

  -----===(*)===-----

Hi folks, You know I rarely send emails about viruses. Most of them are either already well known or the emails circulating about them are hoaxes. There's one out there that's spreading pretty quickly, and it's creating a lot of problems.

It's called SirCam, and it has some unusual aspects. Among them, it sends email not only to the addresses in your Outlook addressbook, but also to any addresses on web pages that are in your Netscape or Explorer caches.

In addition, it sends an apparently random file from the HDs of infected computers along with it. ANY file on your machine could be copied and sent to hundreds of other users. In some cases that could be simply embarrassing. In others, depending on the contents of the file, it could be quite costly.

The subject line will be the name of the file it sends out from your system. The files I've gotten (over 40 copies of the thing so far) have ranged from 200k to slightly over 300k. Reports of files attached at sizes of several megs have occurred.

It is reported to carry its own SMTP agent along with it, which is yet another interesting twist.

Some of the main anti-virus software won't catch it, even in their latest versions. Kaspersky is said to clean it out thoroughly. You can get a demo copy which will do the job at: http://www.kaspersky.com/

....

Symantec's summary: http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html From Symantec's description: This worm arrives as an email message with the following content: Subject: The subject of the email will be random, and will be the same as the file name of the attachment in the email. Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

Spanish Version:
First line: Hola como estas ? Last line: Nos vemos pronto, gracias.

English Version: First line:
Hi! How are you? Last line: See you later. Thanks

Between these two sentences, some of the following text may appear:

Spanish Version:
Te mando este archivo para que me des tu punto de vista
Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es el archivo con la informaci=n que me pediste

English Version:

I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I sendo you This is the file with the information that you ask for

....

You can filter on those lines in the body copy until you get an updated version of your anti-virus program.

Or get a copy of Kapersky. Article from C|Net about the potential damage: http://news.cnet.com/news/0-1003-200-6647394.html?tag=owv

....

This one is fairly serious in terms of both bandwidth and mailserver damage. The best way to avoid getting infected is the same old standard that I've been harping on for years. (Long time readers know what's coming...)

NEVER open attachments from strangers, and only open them from friends if you know they're coming before they get there! Spread the word, folks.

Practice safe hex.

Paul                     

-----===(*)===-----

To subscribe to TalkBiz News, send an email to mailto:subscribe@talkbiz.com To unsubscribe, send an email to mailto:unsubscribe@talkbiz.com Pass this newsletter along to anyone you like, as long as it's passed along complete. © Paul Myers, 2001