Re: Win32.Sircam.Worm Alert.....

From: Martin Lindquist (martinat_private)
Date: Tue Jul 24 2001 - 08:13:35 PDT

    Today I received two e-mails with the mentioned attachments, although
    from people I have never heard of before. Since I'm fighting SPAM every
    single day, I don't open attachments in e-mails from unknown senders
    (some people seem too happy to get e-mail and think everyone who sends
    them one is a good guy), but I recognised the text and thought I'd drop
    a line about the e-mail I received a couple of days ago, more precisely
    Thursday 19th. It's the same mail, with one big difference; it's in
    Spanish:
    
    | Hola como estas ?
    | 
    | Te mando este archivo para que me des tu punto de vista
    | 
    | Nos vemos pronto, gracias.
    
    I don't know much Spanish, but it looks to me like a direct translation of
    the English version. Subject line was "WOWWWWWWWW" and the attached
    (suspected evil) file is named "WOWWWWWWWW.doc.com".
    
     / Martin Lindquist
    
    --
    email:marineat_private
    email:martinat_private
    phone:+46-70-490 79 03
    
    EPiC wrote:
    > 
    > Friday morning I received an email from a friend,  it looked as though he
    > was sending me a .doc to look over. To my dismay, it was a worm that had
    > infected him.
    > 
    > I have found little information about this worm,  mostly located at
    > http://www.symantec.com/avcenter/venc/data/w32.sircam.wormat_private
    > 
    > The Worm will come from someone that has you on their contact list, and will
    > have a different subject line determined by the attached file.
    > 
    > The text will read in English as:
    > 
    > Hi! How are you?
    > 
    > I send you this file in order to have your advice
    > 
    > See you later. Thanks
    > 
    > --------------------------------------------------------------------------------
    > 
    > ****
    > 
    > The link I posted above has a program that will remove the worm,  I would
    > suggest using that rather than deleting it yourself,  I found that I was
    > renaming regedit.ext to regedit.com to even open regedt.  The worm tries to
    > run any executables through its own shell code.
    > 
    > This being my first real post to Bug-traq I would like feedback.  Any
    > questions, hate-mail, death-threats etc can be sent off to epicat_private
    > 
    > thank you
    > 
    > EPiC
    > hack3r.com
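
The two traits reported in this thread (an attachment named like "WOWWWWWWWW.doc.com" and a subject line taken from the attachment name) can be checked at a mail gateway. The following is an added example, not code from either poster or from any vendor tool; the extension lists, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive lists: final extensions Windows executes directly,
# and document-like extensions used as the decoy in front of them.
EXECUTABLE_EXTS = {"com", "exe", "bat", "pif", "lnk", "scr"}
DECOY_EXTS = {"doc", "xls", "zip", "txt", "jpg", "pdf"}


def flag_attachments(raw_message: bytes) -> list:
    """Return one finding per attachment named <base>.<decoy>.<executable>."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    findings = []
    for part in msg.iter_attachments():
        # Windows ignores trailing dots and spaces, so drop them before parsing.
        name = (part.get_filename() or "").rstrip(" .")
        pieces = [p.strip().lower() for p in name.split(".")]
        if len(pieces) < 3:
            continue  # no double extension
        base, decoy, final = ".".join(pieces[:-2]), pieces[-2], pieces[-1]
        if final in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
            findings.append({
                "filename": name,
                # Second trait from the thread: subject equals the file's base name.
                "subject_matches_name": bool(base) and base == subject,
            })
    return findings


def sample_message(subject: str, filename: str) -> bytes:
    """Build a constructed test message; the attachment body is a harmless placeholder."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content("Hi! How are you?")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_attachments(sample_message("WOWWWWWWWW", "WOWWWWWWWW.doc.com")))
```
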
    



    This archive was generated by hypermail 2b30 : Tue Jul 24 2001 - 19:06:04 PDT