It is my understanding that SirCam will look through the html code in your internet cache directory to pick out e-mail addresses... This may not be an intentional distribution since people regularly access their corporate sites and referenced on those sites are the mail addresses listed below... Jack E. Obert, GSEC Technical Information Security Officer St. John's Health System -----Original Message----- From: Tom Geldner [mailto:tomat_private] Sent: Tuesday, July 24, 2001 11:35 AM To: 'Johnson, Greg'; vuln-devat_private; SECURITY-BASICSat_private Subject: RE: Win32.Sircam.Worm Alert..... >-----Original Message----- >From: Johnson, Greg [mailto:JohnsonGat_private] >Don't let the e-mail tip-off fool you. > >In our University environment we find this and related worms >spread primarily via unprotected writeable Windows shares. It >also gets in when a user without up-to-date anti-virus >software accesses an e-mail server other than our own which >has an anti-virus filter. Bim-ba-boom! Some of our corporate accounts have been pounded on by a particular user on verizon.net. None of those e-mail addresses are from someone's address book. They are all things like info@, webmaster@, postmaster@ etc. so in our case, someone seems to be trying to propogate it deliberately. Tom
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 10:08:30 PDT