RE: Sircam

From: Dom De Vitto (dom@devitto.com)
Date: 07/26/01

• Previous message: Joe Shaw: "Re: NetBSD ipfilter stateful??"
• In reply to: Kimberly Anne McKinnis: "Re:Sircam"
• Next in thread: Lim Ghee Lam: "Re: Sircam"
• Next in thread: Ron DuFresne: "Re: Win32.Sircam.Worm Alert....."
• Reply: Lim Ghee Lam: "Re: Sircam"
• Reply: Stan Lee (OBU-MY): "RE: Sircam"
• Reply: Pour, Matthew: "RE: Sircam"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Dom De Vitto" <dom@devitto.com>
Subject: RE: Sircam
Date: Thu, 26 Jul 2001 19:43:54 +0100
Message-ID: <NDBBJOKICOHGIJLJDFEJIEALDDAA.dom@devitto.com>

Can I suggest that everyone vaguely interested go to the Symantec site
and look up the details - it's a complex thing SirCam, and does a lot
in a lot of ways.

e.g. Scans the Temporary Internet Files for any files containing email
addresses....

Dom
-----Original Message-----
From: Kimberly Anne McKinnis [mailto:elf@nauticom.net]
Sent: 25 July 2001 21:15
To: Tom Geldner
Cc: 'Johnson, Greg'; vuln-dev@securityfocus.com;
SECURITY-BASICS@securityfocus.com
Subject: Re:Sircam

From what I've read, it looks for any email addresses on the system, not
just in address books. So if webmaster@ was posted on a webpage somewhere,
that may be the cause.

This subject line is causing some peoples mail servers to reject the mail.
Somehow I doubt the real virus is actually going to send with that subject.

Tom Geldner wrote:

> >-----Original Message-----
> >From: Johnson, Greg [mailto:JohnsonG@missouri.edu]
>
> >Don't let the e-mail tip-off fool you.
> >
> >In our University environment we find this and related worms
> >spread primarily via unprotected writeable Windows shares. It
> >also gets in when a user without up-to-date anti-virus
> >software accesses an e-mail server other than our own which
> >has an anti-virus filter. Bim-ba-boom!
>
> Some of our corporate accounts have been pounded on by a particular user
> on verizon.net. None of those e-mail addresses are from someone's
> address book. They are all things like info@, webmaster@, postmaster@
> etc. so in our case, someone seems to be trying to propogate it
> deliberately.
>
> Tom

--
kimmie mckinnis
http://www.starjewel.org
icq:186072/aol:starbreiz

---

• Previous message: Joe Shaw: "Re: NetBSD ipfilter stateful??"
• In reply to: Kimberly Anne McKinnis: "Re:Sircam"
• Next in thread: Lim Ghee Lam: "Re: Sircam"
• Next in thread: Ron DuFresne: "Re: Win32.Sircam.Worm Alert....."
• Reply: Lim Ghee Lam: "Re: Sircam"
• Reply: Stan Lee (OBU-MY): "RE: Sircam"
• Reply: Pour, Matthew: "RE: Sircam"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Sircam ... Subject: Sircam ... This subject line is causing some peoples mail servers to reject the mail. ... Tom Geldner wrote: ... >>software accesses an e-mail server other than our own which ... (Vuln-Dev) RE: Sircam ... Subject: Sircam ... What if i suggest to STOP the coming of this virus at all???? ... Tom Geldner wrote: ... >>software accesses an e-mail server other than our own which ... (Security-Basics) Re: Sircam ... Subject: Sircam ... I use snort IDS and have written rules to block it.. ... block it at the mail server leval. ... > To: Tom Geldner ... (Security-Basics) Re: Sircam ... Subject: Sircam ... I use snort IDS and have written rules to block it.. ... block it at the mail server leval. ... > To: Tom Geldner ... (Vuln-Dev) Re: Re:Sircam ... Subject: Sircam ... On Wed, 25 Jul 2001, Kimberly Anne McKinnis wrote: ... > This subject line is causing some peoples mail servers to reject the mail. ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)