Win32.Sircam.Worm Alert.....

From: EPiC (epicat_private)
Date: Mon Jul 23 2001 - 11:08:31 PDT

Next message: Meritt James: "multi-OS infections (was Re: A code red that could bring down the net?"

Previous message: Michael Tench: "Re: A code red that could bring down the net?"
In reply to: Jason Lewis: "RE: A code red that could bring down the net?"
Next in thread: H D Moore: "Re: Win32.Sircam.Worm Alert....."
Next in thread: Meritt James: "multi-OS infections (was Re: A code red that could bring down the net?"
Next in thread: Birger Toedtmann: "Re: A code red that could bring down the net?"
Reply: H D Moore: "Re: Win32.Sircam.Worm Alert....."
Reply: Johnson, Greg: "RE: Win32.Sircam.Worm Alert....."
Reply: Martin Lindquist: "Re: Win32.Sircam.Worm Alert....."
Reply: Eric D. Williams: "RE: Win32.Sircam.Worm Alert....."
Reply: Obert, Jack E.: "RE: Win32.Sircam.Worm Alert....."
Reply: Peter Gutmann: "Re: Win32.Sircam.Worm Alert....."
Reply: Pete Sherwood: "Re: Win32.Sircam.Worm Alert....."
Reply: Kyle Plate: "RE: Win32.Sircam.Worm Alert....."
Reply: Chris Freels: "RE: Win32.Sircam.Worm Alert....."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Friday morning I recieved an email from a friend,  it looked as though he
was sending me a .doc to look over. To my dismay, it was a worm that had
infected him.

I have found little information about this worm,  Mostly located at
http://www.symantec.com/avcenter/venc/data/w32.sircam.wormat_private

The Worm will come from someone that has you on there contact list, and will
have a differnt subject line determined by the attached file.

The text will read in english as:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks



----------------------------------------------------------------------------
----

****

The link i posted above has a program that will remove the worm,  I would
suggest using that rather than deleting it yourself,  I found that I was
renaming regedit.ext to regedit.com to even open regedt.  The worm tries to
run any executables through it's own shell code.

This being my first real post to Bug-traq I would like feedback.  Any
questions, hate-mail, death-threats etc can be sent off to epicat_private

thank you

EPiC
hack3r.com

Next message: Meritt James: "multi-OS infections (was Re: A code red that could bring down the net?"
Previous message: Michael Tench: "Re: A code red that could bring down the net?"
In reply to: Jason Lewis: "RE: A code red that could bring down the net?"
Next in thread: H D Moore: "Re: Win32.Sircam.Worm Alert....."
Next in thread: Meritt James: "multi-OS infections (was Re: A code red that could bring down the net?"
Next in thread: Birger Toedtmann: "Re: A code red that could bring down the net?"
Reply: H D Moore: "Re: Win32.Sircam.Worm Alert....."
Reply: Johnson, Greg: "RE: Win32.Sircam.Worm Alert....."
Reply: Martin Lindquist: "Re: Win32.Sircam.Worm Alert....."
Reply: Eric D. Williams: "RE: Win32.Sircam.Worm Alert....."
Reply: Obert, Jack E.: "RE: Win32.Sircam.Worm Alert....."
Reply: Peter Gutmann: "Re: Win32.Sircam.Worm Alert....."
Reply: Pete Sherwood: "Re: Win32.Sircam.Worm Alert....."
Reply: Kyle Plate: "RE: Win32.Sircam.Worm Alert....."
Reply: Chris Freels: "RE: Win32.Sircam.Worm Alert....."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 21:09:33 PDT