Re: Win32.Sircam.Worm Alert.....

From: Ron DuFresne (dufresne@winternet.com)
Date: 07/24/01


Date: Tue, 24 Jul 2001 02:48:04 -0500 (CDT)
From: Ron DuFresne <dufresne@winternet.com>
To: EPiC <epic@hack3r.com>
Subject: Re: Win32.Sircam.Worm Alert.....
Message-ID: <Pine.GSO.4.05.10107240245570.28773-100000@tundra.winternet.com>


A closer look at the attachment, we received two via various others'
infected systems' address books, one will note the .pif extension added after
the .doc, easy to identify if one takes a second to look. We deleted and
warned the sending addresses, yet, many won't look closer...

Thanks,

Ron DuFresne

On Mon, 23 Jul 2001, EPiC wrote:

> Friday morning I received an email from a friend, it looked as though he
> was sending me a .doc to look over. To my dismay, it was a worm that had
> infected him.
>
> I have found little information about this worm, mostly located at
> http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
>
> The worm will come from someone that has you on their contact list, and will
> have a different subject line determined by the attached file.
>
> The text will read in English as:
>
> Hi! How are you?
>
> I send you this file in order to have your advice
>
> See you later. Thanks
>
>
>
> --------------------------------------------------------------------------------
>
> ****
>
> The link I posted above has a program that will remove the worm, I would
> suggest using that rather than deleting it yourself, I found that I was
> renaming regedit.ext to regedit.com to even open regedt. The worm tries to
> run any executables through its own shell code.
>
> This being my first real post to Bug-traq I would like feedback. Any
> questions, hate-mail, death-threats etc can be sent off to epic@hack3r.com
>
> thank you
>
> EPiC
> hack3r.com
>
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
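
The manual check described in the reply above (an executable extension such as .pif trailing a document extension such as .doc) can be automated when triaging mail. The following Python is an added example, not part of the original thread; the function names, the extension lists beyond .doc and .pif, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: extensions Windows runs directly; only .pif is named in the thread.
EXECUTABLE_EXTS = {"pif", "exe", "com", "bat", "lnk", "scr"}
# Assumption: harmless-looking decoy extensions; only .doc is named in the thread.
DECOY_EXTS = {"doc", "xls", "zip", "txt", "jpg", "pdf"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    # Strip each piece so space padding ("a.doc      .pif") does not hide the decoy.
    exts = [p.strip() for p in parts[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every named MIME part that is not 'ok'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()  # handles RFC 2231 encoded filenames
        if name:
            verdict = classify_filename(name)
            if verdict != "ok":
                findings.append((name, verdict))
    return findings


def build_sample():
    """Constructed test message: one disguised attachment, one ordinary document."""
    msg = EmailMessage()
    msg["Subject"] = "report"
    msg.set_content("Constructed body text.")
    msg.add_attachment(b"test", maintype="application",
                       subtype="octet-stream", filename="report.doc.pif")
    msg.add_attachment(b"test", maintype="application",
                       subtype="msword", filename="notes.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict}: {filename}")
```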