Win32.Sircam.Worm Alert.....

From: EPiC (epic@hack3r.com)
Date: 07/23/01


Message-ID: <01d601c113a2$7b7e77c0$d2e714d8@hack3r.org>
From: "EPiC" <epic@hack3r.com>
To: <vuln-dev@securityfocus.com>, <SECURITY-BASICS@securityfocus.com>
Subject: Win32.Sircam.Worm Alert.....
Date: Mon, 23 Jul 2001 12:08:31 -0600

Friday morning I recieved an email from a friend, it looked as though he
was sending me a .doc to look over. To my dismay, it was a worm that had
infected him.

I have found little information about this worm, Mostly located at
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

The Worm will come from someone that has you on there contact list, and will
have a differnt subject line determined by the attached file.

The text will read in english as:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

----------------------------------------------------------------------------

----

****

The link i posted above has a program that will remove the worm, I would suggest using that rather than deleting it yourself, I found that I was renaming regedit.ext to regedit.com to even open regedt. The worm tries to run any executables through it's own shell code.

This being my first real post to Bug-traq I would like feedback. Any questions, hate-mail, death-threats etc can be sent off to epic@hack3r.com

thank you

EPiC hack3r.com