RE: Sircam
From: Pour, Matthew (mpour@bmc.com)
Date: 07/27/01
- Previous message: Bartel, Matt: "SecureIIS"
- Maybe in reply to: Dom De Vitto: "RE: Sircam"
- Next in thread: Jude_2_Naidoo@sbphrd.com: "Re:Sircam"
Message-ID: <CE54CE27DA40D411A56F00D0B75D07C20550C353@ES03-HOU.bmc.com>
From: "Pour, Matthew" <mpour@bmc.com>
To: "'Stan Lee (OBU-MY)'" <Stan_Lee@trend.com.tw>
Subject: RE: Sircam
Date: Fri, 27 Jul 2001 10:59:53 -0500
This is a shameless plug.
Your product did not eradicate SirCam with your initial Definition file. It
took three releases due to the variations.
Configuring your gateway or Exchange server to block PIF or LNK extensions
is a nice way to stop it.
Proper management of AV at all levels is the only way to go. Stopping it at
the gateway is great, but it doesn't help when someone uses Web Email or POP
to bring the sucker in.
Matthew Pour
BMC Software
http://www.bmc.com
-----Original Message-----
From: Stan Lee (OBU-MY) [mailto:Stan_Lee@trend.com.tw]
Sent: Thursday, July 26, 2001 11:09 PM
To: Dom De Vitto
Cc: vuln-dev@securityfocus.com; SECURITY-BASICS@securityfocus.com
Subject: RE: Sircam
Importance: High
Hi all,
Do you guys think that scanning and cleaning is what you need to do for
this virus??? What if I suggest to STOP the coming of this virus at all????
You should use a solution that sits on the internet gateway, right after the
firewall, to STOP all troj_sircam.A at the gateway.
For more detail please visit Trend Micro's site at: www.antivirus.com
Stan
-----Original Message-----
From: Dom De Vitto [mailto:dom@devitto.com]
Sent: Friday, July 27, 2001 2:44 AM
Cc: vuln-dev@securityfocus.com; SECURITY-BASICS@securityfocus.com
Subject: RE: Sircam
Can I suggest that everyone vaguely interested go to the Symantec site
and look up the details - it's a complex thing SirCam, and does a lot
in a lot of ways.
e.g. Scans the Temporary Internet Files for any files containing email
addresses....
Dom
-----Original Message-----
From: Kimberly Anne McKinnis [mailto:elf@nauticom.net]
Sent: 25 July 2001 21:15
To: Tom Geldner
Cc: 'Johnson, Greg'; vuln-dev@securityfocus.com;
SECURITY-BASICS@securityfocus.com
Subject: Re:Sircam
From what I've read, it looks for any email addresses on the system, not
just in address books. So if webmaster@ was posted on a webpage somewhere,
that may be the cause.
This subject line is causing some people's mail servers to reject the mail.
Somehow I doubt the real virus is actually going to send with that subject.
Tom Geldner wrote:
> >-----Original Message-----
> >From: Johnson, Greg [mailto:JohnsonG@missouri.edu]
>
> >Don't let the e-mail tip-off fool you.
> >
> >In our University environment we find this and related worms
> >spread primarily via unprotected writeable Windows shares. It
> >also gets in when a user without up-to-date anti-virus
> >software accesses an e-mail server other than our own which
> >has an anti-virus filter. Bim-ba-boom!
>
> Some of our corporate accounts have been pounded on by a particular user
> on verizon.net. None of those e-mail addresses are from someone's
> address book. They are all things like info@, webmaster@, postmaster@
> etc. so in our case, someone seems to be trying to propagate it
> deliberately.
>
> Tom
-- kimmie mckinnis http://www.starjewel.org icq:186072/aol:starbreiz