FC: FBI hit with Sircam virus that distributes files on your HD

From: Declan McCullagh (declanat_private)
Date: Wed Jul 25 2001 - 15:30:09 PDT

    CERT has (ahem, finally) released a Sircam advisory this afternoon:

    Sircam is an amazingly noxious critter. I'll give you an example. At Wired
    News, like other news organizations, we have feedback addresses so people
    can send us thoughts on articles. Those have been the same for at least
    three years, so they're well-known and available to programs like Sircam
    that scan hard drives for email addresses.

    Since 1 am ET Tuesday, we've received about 150 MB of mail directed at
    those addresses, the vast bulk of it Sircam output. A quick scroll through
    the messages says about 90 percent of it by message and probably 99 percent
    of it by size is due to Sircam.

    Dave Farber wrote on his Interesting People list:

    >The person/group who launched the SirCam virus should get the first
    >Cyberspace death-- namely permanent banishment from any network access any
    >place in the world. We yell endlessly about spam mail but one mess like
    >this makes spam mail almost interesting

    Which I heartily endorse.

    From: "Bridis, Ted" <Ted.Bridisat_private>
    To: "'declanat_private'" <declanat_private>
    Subject: fbi, fyi
    Date: Wed, 25 Jul 2001 08:53:19 -0400

    FBI Cyber Researcher Unleashes Virus
    That E-Mails Private Agency Documents

    Staff Reporter of THE WALL STREET JOURNAL

    WASHINGTON -- A researcher in the Federal Bureau of Investigation's
    cyber-protection unit unleashed a fast-spreading Internet virus that
    e-mailed private FBI documents to outsiders -- all on the eve of a Senate
    hearing into troubles at the unit.

    Although the Sircam virus didn't spread to other computers at the FBI's
    National Infrastructure Protection Center, it did send at least eight
    documents to a number of outsiders. One, about the investigation into an
    unrelated virus, was marked "official use only." The Sircam virus has
    infected thousands of computers since its discovery last week.

    FBI spokeswoman Deb Weierman said that no sensitive or classified
    information about continuing investigations was disclosed Tuesday. The
    "official use" designation protects documents from disclosure under the U.S.
    Freedom of Information Act.

    It isn't uncommon for virus researchers to accidentally infect their own
    computers, but the mistake was particularly embarrassing because it occurred
    ahead of a Senate Judiciary panel's oversight hearing about the FBI cyber
    unit's effectiveness. Lawmakers were expected to focus on other agencies'
    failure to cooperate fully with the FBI center, and on a perceived lack of
    trust between the FBI and private-sector groups.

    The unit generally gets high remarks for its criminal investigations, and
    even critics say the unit is more effective than it was a year ago. "The
    effort here is not to embarrass anybody but to stress that a lot of work has
    to be done," said Republican Sen. Jon Kyl of Arizona.

    Meanwhile, the White House has begun organizing a new early-warning network
    for Internet threats. But unlike the current system, it will be coordinated
    by the Pentagon, not the FBI. The mechanism for warning all U.S. military
    and civilian agencies -- and ultimately corporations -- will be dubbed the
    Cyber-Warning and Information Network, or "c-win." Organizers envision
    dozens of computer centers that could sound an alert when a threat is

    The network is expected to begin operating in October. The FBI unit, which
    currently relays these warnings, came under sharp criticism from
    congressional auditors for issuing tardy alerts. Ms. Weierman, the FBI
    spokeswoman, called the new network a "useful mechanism" to offer the
    government a "technical capability that doesn't currently exist." The FBI,
    she said, wasn't concerned it would lose its warning responsibilities.

    Tuesday, at least three people said they received some of the FBI documents,
    including a 23-year-old Internet-security expert in Belgium, Niels Heinen.
    He operates a Web site that reports on Internet break-ins and speculated
    that the analyst, Vince Rowe, visited the site on the infected computer. Mr.
    Rowe didn't respond to a request for comment.

    Write to Ted Bridis at ted.bridisat_private

    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe, visit http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/

    This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 16:05:21 PDT