RE: Win32.Sircam.Worm Alert.....

From: Jeremy Rodriguez (jrodriguez@intellinet-tech.com)
Date: 07/25/01


From: "Jeremy Rodriguez" <jrodriguez@intellinet-tech.com>
To: "Tom Geldner" <tom@xor.cc>, "'Johnson, Greg'" <JohnsonG@missouri.edu>, <vuln-dev@securityfocus.com>, <SECURITY-BASICS@securityfocus.com>
Subject: RE: Win32.Sircam.Worm Alert.....
Date: Wed, 25 Jul 2001 09:19:27 -0400
Message-ID: <HMEIJMEKLHGNJPCDCEBOCEPBCDAA.jrodriguez@intellinet-tech.com>

Yesterday the worm infected 3 of our systems. Just to test, I downloaded it,
saved it to a specific folder and scanned it with Norton's (using the latest
defs) and to my surprise it did not pick it up.
The fix Symantec has:
http://www.sarc.com/avcenter/FixSirc.com

Did find the worm and repair it.

-----Original Message-----
From: Tom Geldner [mailto:tom@xor.cc]
Sent: Tuesday, July 24, 2001 12:35 PM
To: 'Johnson, Greg'; vuln-dev@securityfocus.com;
SECURITY-BASICS@securityfocus.com
Subject: RE: Win32.Sircam.Worm Alert.....

>-----Original Message-----
>From: Johnson, Greg [mailto:JohnsonG@missouri.edu]

>Don't let the e-mail tip-off fool you.
>
>In our University environment we find this and related worms
>spread primarily via unprotected writeable Windows shares. It
>also gets in when a user without up-to-date anti-virus
>software accesses an e-mail server other than our own which
>has an anti-virus filter. Bim-ba-boom!

Some of our corporate accounts have been pounded on by a particular user
on verizon.net. None of those e-mail addresses are from someone's
address book. They are all things like info@, webmaster@, postmaster@
etc. so in our case, someone seems to be trying to propagate it
deliberately.

Tom


