Re: Win32.Sircam.Worm Alert.....

From: Martin Lindquist (martin@phreakproductions.cjb.net)
Date: 07/24/01


Message-ID: <3B5D909F.7EA20719@phreakproductions.cjb.net>
Date: Tue, 24 Jul 2001 17:13:35 +0200
From: Martin Lindquist <martin@phreakproductions.cjb.net>
To: EPiC <epic@hack3r.com>
Subject: Re: Win32.Sircam.Worm Alert.....

Today I received two e-mails with the mentioned attachments, although
from people I have never heard of before. Since I'm fighting SPAM every
single day, I don't open attachments in e-mails from unknown senders
(some people seem too happy to get e-mail and think everyone who sends
them one is a good guy), but I recognised the text and thought I'd drop
a line about the e-mail I received a couple of days ago, more precisely
Thursday 19th. It's the same mail, with one big difference; it's in
Spanish:

| Hola como estas ?
|
| Te mando este archivo para que me des tu punto de vista
|
| Nos vemos pronto, gracias.

I don't know much Spanish, but it looks to me as a direct translation of
the English version. Subject line was "WOWWWWWWWW" and the attached
(suspected evil) file is named "WOWWWWWWWW.doc.com".

 / Martin Lindquist

--
email:marine@trouble.net
email:martin@phreakproductions.cjb.net
phone:+46-70-490 79 03

EPiC wrote:
>
> Friday morning I received an email from a friend, it looked as though he
> was sending me a .doc to look over. To my dismay, it was a worm that had
> infected him.
>
> I have found little information about this worm, mostly located at
> http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
>
> The Worm will come from someone that has you on their contact list, and will
> have a different subject line determined by the attached file.
>
> The text will read in English as:
>
> Hi! How are you?
>
> I send you this file in order to have your advice
>
> See you later. Thanks
>
> ----------------------------------------------------------------------------
> ----
>
> ****
>
> The link I posted above has a program that will remove the worm, I would
> suggest using that rather than deleting it yourself, I found that I was
> renaming regedit.ext to regedit.com to even open regedt. The worm tries to
> run any executables through its own shell code.
>
> This being my first real post to Bug-traq I would like feedback. Any
> questions, hate-mail, death-threats etc can be sent off to epic@hack3r.com
>
> thank you
>
> EPiC
> hack3r.com
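
The traits reported in this thread (fixed body text in English or Spanish, a `.doc.com` attachment, and a subject taken from the attachment name) can be checked at a mail gateway. The following is an added example, not part of either post: the function names, indicator labels and sample message are constructed, and treating the subject as equal to the file name minus its two extensions is an assumption based on the single sample described above.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

DOC_EXTS = {".doc"}    # decoy extension seen in the thread
EXEC_EXTS = {".com"}   # executable extension seen in the thread
BODY_MARKERS = (       # body lines quoted in the thread, lowercased
    "i send you this file in order to have your advice",
    "te mando este archivo para que me des tu punto de vista",
)

def sircam_indicators(raw: bytes) -> list:
    """Return the indicator names that match one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = (msg["Subject"] or "").strip().lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    if any(marker in body for marker in BODY_MARKERS):
        hits.append("body-text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        suffixes = PurePosixPath(name).suffixes
        if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS and suffixes[-2] in DOC_EXTS:
            hits.append("double-extension")
            # Assumption: the subject equals the file name without its two extensions.
            stem = name[: -len(suffixes[-2] + suffixes[-1])]
            if stem and stem == subject:
                hits.append("subject-matches-attachment")
    return hits

def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message; addresses and attachment bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "rcpt@example.com", subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

SPANISH = ("Hola como estas ?\n\nTe mando este archivo para que me des tu punto "
           "de vista\n\nNos vemos pronto, gracias.\n")

if __name__ == "__main__":
    print(sircam_indicators(build_sample("WOWWWWWWWW", SPANISH, "WOWWWWWWWW.doc.com")))
    print(sircam_indicators(build_sample("Meeting notes", "See attached.", "notes.doc")))
```

The extension sets hold only the two extensions named in the thread; a gateway rule would normally list every document and executable extension it cares about.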


