Win32.Sircam.Worm Alert.....

From: EPiC (
Date: 07/23/01

Message-ID: <01d601c113a2$7b7e77c0$>
From: "EPiC" <>
To: <>, <>
Subject: Win32.Sircam.Worm Alert.....
Date: Mon, 23 Jul 2001 12:08:31 -0600

Friday morning I recieved an email from a friend, it looked as though he
was sending me a .doc to look over. To my dismay, it was a worm that had
infected him.

I have found little information about this worm, Mostly located at

The Worm will come from someone that has you on there contact list, and will
have a differnt subject line determined by the attached file.

The text will read in english as:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks




The link i posted above has a program that will remove the worm, I would suggest using that rather than deleting it yourself, I found that I was renaming regedit.ext to to even open regedt. The worm tries to run any executables through it's own shell code.

This being my first real post to Bug-traq I would like feedback. Any questions, hate-mail, death-threats etc can be sent off to

thank you