Friday morning I recieved an email from a friend, it looked as though he was sending me a .doc to look over. To my dismay, it was a worm that had infected him. I have found little information about this worm, Mostly located at http://www.symantec.com/avcenter/venc/data/w32.sircam.wormat_private The Worm will come from someone that has you on there contact list, and will have a differnt subject line determined by the attached file. The text will read in english as: Hi! How are you? I send you this file in order to have your advice See you later. Thanks ---------------------------------------------------------------------------- ---- **** The link i posted above has a program that will remove the worm, I would suggest using that rather than deleting it yourself, I found that I was renaming regedit.ext to regedit.com to even open regedt. The worm tries to run any executables through it's own shell code. This being my first real post to Bug-traq I would like feedback. Any questions, hate-mail, death-threats etc can be sent off to epicat_private thank you EPiC hack3r.com
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 21:09:33 PDT