Re: Win32.Sircam.Worm Alert.....
From: Meritt James (meritt_james@bah.com)
Date: 07/27/01
- Previous message: EPiC: "Re: Sircam"
- In reply to: Juanita Fernando: "Re: Win32.Sircam.Worm Alert....."
- Next in thread: Cole, Timothy D.: "benign three-component attachment names (Was: Re: Win32.Sircam.Worm Alert.....)"
- Next in thread: thin-line@ftb.com: "RE: Win32.Sircam.Worm Alert....."
- Reply: Cole, Timothy D.: "benign three-component attachment names (Was: Re: Win32.Sircam.Worm Alert.....)"
- Reply: Pete Sherwood: "Re: Win32.Sircam.Worm Alert....."
- Reply: Anthony Carnemolla: "Re: Win32.Sircam.Worm Alert....."
Message-ID: <3B6193B5.856B7221@bah.com>
Date: Fri, 27 Jul 2001 12:15:49 -0400
From: "Meritt James" <meritt_james@bah.com>
To: Juanita Fernando <jsscn@optushome.com.au>
Subject: Re: Win32.Sircam.Worm Alert.....
Quite a few add the extension as a way of "hiding" what is going on, not
just Sircam. If you get an attachment with THREE groupings, assume it
is a 'bad thing' and act appropriately. Has anyone seen a three-group
attachment and had it be ok?
V/R
Jim
Juanita Fernando wrote:
>
> Hi,
>
> We were caught by surprise by the virus.. it affected 200 workstations
> before we "caught" it. Vet is on top of it now. As a matter of interest,
> the way we identified suspect file attachments was that those affected seem
> to have two file extensions - eg. "word.doc.bat". This signature enabled us
> to get users involved in its control prior to the VET patch installation
> which deletes it from the server and affected workstations.
>
> Cheers
>
> Juanita
> ----- Original Message -----
> From: "Kyle Plate" <kyle@CLASSIFIEDTECHNOLOGIES.COM>
> To: <vuln-dev@securityfocus.com>; <SECURITY-BASICS@securityfocus.com>
> Sent: Thursday, July 26, 2001 8:04 AM
> Subject: RE: Win32.Sircam.Worm Alert.....
>
> > FYI:
> >
> > Using Symantec's NAV for Exchange (Virus def: 7/18/01 12:00am) has been
> > successful for us in detecting and moving to quarantine all Sircam infected
> > messages that have been sent to our server.
> >
> > -----Original Message-----
> > From: Jeremy Rodriguez [mailto:jrodriguez@intellinet-tech.com]
> > Sent: Wednesday, July 25, 2001 9:19 AM
> > To: Tom Geldner; 'Johnson, Greg'; vuln-dev@securityfocus.com;
> > SECURITY-BASICS@securityfocus.com
> > Subject: RE: Win32.Sircam.Worm Alert.....
> >
> > Yesterday the worm infected 3 of our systems. Just to test I downloaded it,
> > saved it to a specific folder and scanned it with Norton's (using the latest
> > defs) and to my surprise it did not pick it up.
> > The fix Symantec has:
> > http://www.sarc.com/avcenter/FixSirc.com
> >
> > Did find the worm and repair it.
> >
> >
--
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566
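
The attachment-name check discussed in this thread ("word.doc.bat", three groupings) can be run at the mail gateway. The following is an added example, not part of the original messages: it goes slightly beyond the thread by separating three-group names that end in an executable extension from benign multi-part names. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for illustration; tune them to your environment.
EXECUTABLE_EXTS = {"bat", "com", "exe", "lnk", "pif", "scr", "vbs"}
DECOY_EXTS = {"doc", "xls", "zip", "txt", "jpg", "pdf"}

def classify_name(filename):
    """Return 'double-extension', 'executable', 'multi-part' or 'ok'."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.strip().rstrip(". ").lower().split(".")
    last = parts[-1].strip() if len(parts) > 1 else ""
    if last in EXECUTABLE_EXTS:
        # name.doc.bat: a document-looking group sits before the real extension
        if len(parts) >= 3 and parts[-2].strip() in DECOY_EXTS:
            return "double-extension"
        return "executable"
    # Three or more groups without an executable tail, e.g. archive.tar.gz
    return "multi-part" if len(parts) >= 3 else "ok"

def scan_message(raw_bytes):
    """Parse a raw RFC 822 message and classify every attachment name."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name:
            findings.append((name, classify_name(name)))
    return findings

def build_sample():
    """Constructed test message with placeholder attachment bodies."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed test body")
    for name in ("word.doc.bat", "archive.tar.gz", "notes.txt", "setup.exe"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name}")
```
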