Win32.Sircam.Worm Alert.....
From: EPiC (epic@hack3r.com)Date: 07/23/01
- Previous message: Michael Tench: "Re: A code red that could bring down the net?"
- In reply to: Jason Lewis: "RE: A code red that could bring down the net?"
- Next in thread: H D Moore: "Re: Win32.Sircam.Worm Alert....."
- Next in thread: Meritt James: "multi-OS infections (was Re: A code red that could bring down the net?"
- Next in thread: Birger Toedtmann: "Re: A code red that could bring down the net?"
- Reply: H D Moore: "Re: Win32.Sircam.Worm Alert....."
- Reply: Johnson, Greg: "RE: Win32.Sircam.Worm Alert....."
- Reply: Martin Lindquist: "Re: Win32.Sircam.Worm Alert....."
- Reply: Kimberly Anne McKinnis: "Re: Win32.Sircam.Worm Alert....."
- Reply: Eric D. Williams: "RE: Win32.Sircam.Worm Alert....."
- Reply: Bruno Lustosa: "Re: Win32.Sircam.Worm Alert....."
- Reply: Obert, Jack E.: "RE: Win32.Sircam.Worm Alert....."
- Reply: Peter Gutmann: "Re: Win32.Sircam.Worm Alert....."
- Reply: Pete Sherwood: "Re: Win32.Sircam.Worm Alert....."
- Reply: Kyle Plate: "RE: Win32.Sircam.Worm Alert....."
- Reply: Chris Freels: "RE: Win32.Sircam.Worm Alert....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <01d601c113a2$7b7e77c0$d2e714d8@hack3r.org> From: "EPiC" <epic@hack3r.com> To: <vuln-dev@securityfocus.com>, <SECURITY-BASICS@securityfocus.com> Subject: Win32.Sircam.Worm Alert..... Date: Mon, 23 Jul 2001 12:08:31 -0600
Friday morning I recieved an email from a friend, it looked as though he
was sending me a .doc to look over. To my dismay, it was a worm that had
infected him.
I have found little information about this worm, Mostly located at
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
The Worm will come from someone that has you on there contact list, and will
have a differnt subject line determined by the attached file.
The text will read in english as:
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
----------------------------------------------------------------------------
----****
The link i posted above has a program that will remove the worm, I would suggest using that rather than deleting it yourself, I found that I was renaming regedit.ext to regedit.com to even open regedt. The worm tries to run any executables through it's own shell code.
This being my first real post to Bug-traq I would like feedback. Any questions, hate-mail, death-threats etc can be sent off to epic@hack3r.com
thank you
EPiC hack3r.com
- Previous message: Michael Tench: "Re: A code red that could bring down the net?"
- In reply to: Jason Lewis: "RE: A code red that could bring down the net?"
- Next in thread: H D Moore: "Re: Win32.Sircam.Worm Alert....."
- Next in thread: Meritt James: "multi-OS infections (was Re: A code red that could bring down the net?"
- Next in thread: Birger Toedtmann: "Re: A code red that could bring down the net?"
- Reply: H D Moore: "Re: Win32.Sircam.Worm Alert....."
- Reply: Johnson, Greg: "RE: Win32.Sircam.Worm Alert....."
- Reply: Martin Lindquist: "Re: Win32.Sircam.Worm Alert....."
- Reply: Kimberly Anne McKinnis: "Re: Win32.Sircam.Worm Alert....."
- Reply: Eric D. Williams: "RE: Win32.Sircam.Worm Alert....."
- Reply: Bruno Lustosa: "Re: Win32.Sircam.Worm Alert....."
- Reply: Obert, Jack E.: "RE: Win32.Sircam.Worm Alert....."
- Reply: Peter Gutmann: "Re: Win32.Sircam.Worm Alert....."
- Reply: Pete Sherwood: "Re: Win32.Sircam.Worm Alert....."
- Reply: Kyle Plate: "RE: Win32.Sircam.Worm Alert....."
- Reply: Chris Freels: "RE: Win32.Sircam.Worm Alert....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
