Re: Sircam

From: Meritt James (meritt_james@bah.com)
Date: 07/27/01


Message-ID: <3B6196F7.AB7B6126@bah.com>
Date: Fri, 27 Jul 2001 12:29:43 -0400
From: "Meritt James" <meritt_james@bah.com>
To: "Stan Lee (OBU-MY)" <Stan_Lee@trend.com.tw>
Subject: Re: Sircam

How about a bit smarter operator sitting at the workstation? That would
STOP the virus from being activated, even if it got that far.

Teach operators "safe computer sex" (gahhhhhh! That term!!!!! But you
know what I mean.)

"Stan Lee (OBU-MY)" wrote:
>
> Hi all,
>
> Do you guys think that scanning and cleaning is what you need to do for
> this virus??? What if I suggest to STOP the coming of this virus at all????
>
> You should use a solution that sits on the internet gateway, right after the
> firewall, to STOP all troj_sircam.A at the gateway..
>
> For more detail please visit Trend Micro's site at : www.antivirus.com
>
> Stan
>
> -----Original Message-----
> From: Dom De Vitto [mailto:dom@devitto.com]
> Sent: Friday, July 27, 2001 2:44 AM
> Cc: vuln-dev@securityfocus.com; SECURITY-BASICS@securityfocus.com
> Subject: RE: Sircam
>
> Can I suggest that everyone vaguely interested go to the Symantec site
> and look up the details - it's a complex thing SirCam, and does a lot
> in a lot of ways.
>
> e.g. Scans the Temporary Internet Files for any files containing email
> addresses....
>
> Dom
> -----Original Message-----
> From: Kimberly Anne McKinnis [mailto:elf@nauticom.net]
> Sent: 25 July 2001 21:15
> To: Tom Geldner
> Cc: 'Johnson, Greg'; vuln-dev@securityfocus.com;
> SECURITY-BASICS@securityfocus.com
> Subject: Re:Sircam
>
> From what I've read, it looks for any email addresses on the system, not
> just in address books. So if webmaster@ was posted on a webpage somewhere,
> that may be the cause.
>
> This subject line is causing some people's mail servers to reject the mail.
> Somehow I doubt the real virus is actually going to send with that subject.
>
> Tom Geldner wrote:
>
> > >-----Original Message-----
> > >From: Johnson, Greg [mailto:JohnsonG@missouri.edu]
> >
> > >Don't let the e-mail tip-off fool you.
> > >
> > >In our University environment we find this and related worms
> > >spread primarily via unprotected writeable Windows shares. It
> > >also gets in when a user without up-to-date anti-virus
> > >software accesses an e-mail server other than our own which
> > >has an anti-virus filter. Bim-ba-boom!
> >
> > Some of our corporate accounts have been pounded on by a particular user
> > on verizon.net. None of those e-mail addresses are from someone's
> > address book. They are all things like info@, webmaster@, postmaster@
> > etc. so in our case, someone seems to be trying to propagate it
> > deliberately.
> >
> > Tom
>
> --
> kimmie mckinnis
> http://www.starjewel.org
> icq:186072/aol:starbreiz

-- 
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566


