Can I suggest that everyone vaguely interested go to the Symantec site and look up the details - it's a complex thing SirCam, and does a lot in a lot of ways. e.g. Scans the Temporary Internet Files for any files containing email addresses.... Dom -----Original Message----- From: Kimberly Anne McKinnis [mailto:elfat_private] Sent: 25 July 2001 21:15 To: Tom Geldner Cc: 'Johnson, Greg'; vuln-devat_private; SECURITY-BASICSat_private Subject: Re:Sircam From what I've read, it looks for any email addresses on the system, not just in address books. So if webmaster@ was posted on a webpage somewhere, that may be the cause. This subject line is causing some peoples mail servers to reject the mail. Somehow I doubt the real virus is actually going to send with that subject. Tom Geldner wrote: > >-----Original Message----- > >From: Johnson, Greg [mailto:JohnsonGat_private] > > >Don't let the e-mail tip-off fool you. > > > >In our University environment we find this and related worms > >spread primarily via unprotected writeable Windows shares. It > >also gets in when a user without up-to-date anti-virus > >software accesses an e-mail server other than our own which > >has an anti-virus filter. Bim-ba-boom! > > Some of our corporate accounts have been pounded on by a particular user > on verizon.net. None of those e-mail addresses are from someone's > address book. They are all things like info@, webmaster@, postmaster@ > etc. so in our case, someone seems to be trying to propogate it > deliberately. > > Tom -- kimmie mckinnis http://www.starjewel.org icq:186072/aol:starbreiz
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 13:00:16 PDT