RE: Win32.Sircam.Worm Alert.....

From: Craig Leikis (cleikis@superpages.com)
Date: 07/26/01


Date: Thu, 26 Jul 2001 06:05:37 -0500 (CDT)
From: Craig Leikis <cleikis@superpages.com>
To: Jeremy Rodriguez <jrodriguez@intellinet-tech.com>
Subject: RE: Win32.Sircam.Worm Alert.....
Message-ID: <Pine.GSO.4.33.0107260601050.22564-100000@manx.superpages.com>

I have received several messages with this worm through Yahoo! mail.
Fortunately, Yahoo! includes a feature to have Norton Anti-virus scan
attachments before you download them. The first message I received before
I heard about the worm looked suspect anyway and I was going to delete it.
I scanned it for the heck of it and sure enough it was the Sircam worm.

Craig

On Wed, 25 Jul 2001, Jeremy Rodriguez wrote:

> Yesterday the worm infected 3 of our systems. Just to test I downloaded it,
> saved it to a specific folder and scanned it with Norton's (using the latest
> defs) and to my surprise it did not pick it up.
> The fix Symantec has:
> http://www.sarc.com/avcenter/FixSirc.com
>
> Did find the worm and repair it.
>
>
> -----Original Message-----
> From: Tom Geldner [mailto:tom@xor.cc]
> Sent: Tuesday, July 24, 2001 12:35 PM
> To: 'Johnson, Greg'; vuln-dev@securityfocus.com;
> SECURITY-BASICS@securityfocus.com
> Subject: RE: Win32.Sircam.Worm Alert.....
>
>
>
>
> >-----Original Message-----
> >From: Johnson, Greg [mailto:JohnsonG@missouri.edu]
>
> >Don't let the e-mail tip-off fool you.
> >
> >In our University environment we find this and related worms
> >spread primarily via unprotected writeable Windows shares. It
> >also gets in when a user without up-to-date anti-virus
> >software accesses an e-mail server other than our own which
> >has an anti-virus filter. Bim-ba-boom!
>
> Some of our corporate accounts have been pounded on by a particular user
> on verizon.net. None of those e-mail addresses are from someone's
> address book. They are all things like info@, webmaster@, postmaster@
> etc. so in our case, someone seems to be trying to propagate it
> deliberately.
>
> Tom
>


