-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - ----- Original Message ----- From: "EPiC" <epicat_private> To: <vuln-devat_private>; <SECURITY-BASICSat_private> Cc: "ProgramJammer" <programjammerat_private> Sent: Monday, July 23, 2001 2:08 PM Subject: Win32.Sircam.Worm Alert..... > Friday morning I recieved an email from a friend, it looked as though he > was sending me a .doc to look over. To my dismay, it was a worm that had > infected him. > > I have found little information about this worm, Mostly located at > http://www.symantec.com/avcenter/venc/data/w32.sircam.wormat_private In the Anti-Virus arena, that write up is considered a lot ;-! > The Worm will come from someone that has you on there contact list, and will > have a differnt subject line determined by the attached file. Not always. If you have one or more email addresses on web pages the worm has the ability to extract email addresses from Web-Browser cache entries. I've personally chatted with some who has had that happen and seen several postings in the NetNews Group alt.comp.virus already. > The text will read in english as: > > H i ! H o w a r e y o u ? > > I s e nd y o u t h i s f i l e i n o r d e r t o h a v e y o u r a d v i c e > > S e e y o u l a t e r . T h a n k s Take note of this item in the write up! * Message: The message body will be semi-random, * but will always contain one of * the following two lines (either English or Spanish) * as the first and last sentences of the message. * * Spanish Version: * First line: H o l a c o m o e s t a s ? * Last line: N o s v e m o s p r o n t o , g r a c i a s . * * English Version: * First line: H i ! H o w a r e y o u ? * Last line: S e e y o u l a t e r . T h a n k s [NOTE: I had to add spaces as my ISP has put blocks on those phrases already : ( ] Since it will always [get your grains of salt!!!] contain the English or Spanish statements, then mail program rules could be distributed in an effort to keep the gullible from getting infected. At the same time, see if the gullible are willing to update their Anti-Virus signatures as well. PS: I am adding this discussion to the FOCUS-VIRUSat_private forum as this is virus related thread. Pete Sherwood 613-260-0612 (home/office) 613-591-8900 ext. 525 (voice-mail) PGP and Thawte digital keys available @ http://members.home.net/petersherwood/ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO17bdbomytMtxLfsEQK/+gCg8pDeCcLE4O2UyqsvdVfSFZQ3vNwAn2DW OC3Fjl4IXnidhveCHYBD2oEQ =4ceh -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 12:02:49 PDT