Vulnerability Development mailing list archives
Re: Win32.Sircam.Worm Alert.....
From: Martin Lindquist <martin () phreakproductions cjb net>
Date: Tue, 24 Jul 2001 17:13:35 +0200
Today I received two e-mails with the mentioned attachments, although from people I have never heard of before. Since I'm fighting SPAM every single day, I don't open attachments in e-mails from unknown senders (some people seem too happy to get e-mail and think everyone who sends them one is a good guy), but I recognised the text and thought I'd drop a line about the e-mail I received a couple of days ago, more precisely Thursday 19th.

It's the same mail, with one big difference; it's in Spanish:

| Hola como estas ?
|
| Te mando este archivo para que me des tu punto de vista
|
| Nos vemos pronto, gracias.

I don't know much Spanish, but it looks to me as a direct translation of the English version. Subject line was "WOWWWWWWWW" and the attached (suspected evil) file is named "WOWWWWWWWW.doc.com".

/ Martin Lindquist
--
email:marine () trouble net
email:martin () phreakproductions cjb net
phone:+46-70-490 79 03

EPiC wrote:
Friday morning I received an email from a friend, it looked as though he was sending me a .doc to look over. To my dismay, it was a worm that had infected him. I have found little information about this worm, mostly located at http://www.symantec.com/avcenter/venc/data/w32.sircam.worm () mm html

The Worm will come from someone that has you on their contact list, and will have a different subject line determined by the attached file.

The text will read in English as:

Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks

---------------------------------------------------------------------------- ---- ****

The link I posted above has a program that will remove the worm, I would suggest using that rather than deleting it yourself, I found that I was renaming regedit.ext to regedit.com to even open regedt. The worm tries to run any executables through its own shell code.

This being my first real post to Bug-traq I would like feedback. Any questions, hate-mail, death-threats etc can be sent off to epic () hack3r com

thank you
EPiC
hack3r.com