Vulnerability Development mailing list archives
Re: Win32.Sircam.Worm Alert.....
From: "Pete Sherwood" <petersherwood () home com>
Date: Wed, 25 Jul 2001 11:34:28 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

----- Original Message -----
From: "EPiC" <epic () hack3r com>
To: <vuln-dev () securityfocus com>; <SECURITY-BASICS () securityfocus com>
Cc: "ProgramJammer" <programjammer () hack3r com>
Sent: Monday, July 23, 2001 2:08 PM
Subject: Win32.Sircam.Worm Alert.....

Friday morning I received an email from a friend; it looked as though he was sending me a .doc to look over. To my dismay, it was a worm that had infected him. I have found little information about this worm, mostly located at http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
In the Anti-Virus arena, that write up is considered a lot ;-!
The Worm will come from someone that has you on their contact list, and will have a different subject line determined by the attached file.
Not always. If you have one or more email addresses on web pages the worm has the ability to extract email addresses from Web-Browser cache entries. I've personally chatted with someone who has had that happen and seen several postings in the NetNews Group alt.comp.virus already.
The text will read in English as:
H i ! H o w a r e y o u ?
I s e nd y o u t h i s f i l e i n o r d e r t o h a v e y o u r a d v i c e
S e e y o u l a t e r . T h a n k s
Take note of this item in the write up!

* Message: The message body will be semi-random,
* but will always contain one of
* the following two lines (either English or Spanish)
* as the first and last sentences of the message.
*
* Spanish Version:
* First line: H o l a c o m o e s t a s ?
* Last line: N o s v e m o s p r o n t o , g r a c i a s .
*
* English Version:
* First line: H i ! H o w a r e y o u ?
* Last line: S e e y o u l a t e r . T h a n k s

[NOTE: I had to add spaces as my ISP has put blocks on those phrases already : ( ]

Since it will always [get your grains of salt!!!] contain the English or Spanish statements, then mail program rules could be distributed in an effort to keep the gullible from getting infected. At the same time, see if the gullible are willing to update their Anti-Virus signatures as well.

PS: I am adding this discussion to the FOCUS-VIRUS () securityfocus com forum as this is a virus related thread.

Pete Sherwood
613-260-0612 (home/office)
613-591-8900 ext. 525 (voice-mail)
PGP and Thawte digital keys available @ http://members.home.net/petersherwood/

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBO17bdbomytMtxLfsEQK/+gCg8pDeCcLE4O2UyqsvdVfSFZQ3vNwAn2DW
OC3Fjl4IXnidhveCHYBD2oEQ
=4ceh
-----END PGP SIGNATURE-----
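
Added example, not part of the original post or of any mail product: a sketch of the mail rule suggested above. It matches the quoted sentences only as the first and last non-empty body lines of a message that carries an attachment, so a discussion post that merely quotes the phrases is not flagged. The function names, the sample messages and the reading of "sentences" as lines are assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# First/last body sentences from the quoted write-up, whitespace and case removed.
MARKERS = {
    "english": ("hi!howareyou?", "seeyoulater.thanks"),
    "spanish": ("holacomoestas?", "nosvemospronto,gracias."),
}

def squash(line):
    """Lower-case a line and drop every whitespace character."""
    return re.sub(r"\s+", "", line).lower()

def sircam_verdict(raw):
    """Return the marker language if the message fits the pattern, else None."""
    body, attachments = [], 0
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        if part.get_filename():          # any named part counts as an attachment
            attachments += 1
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            body.append(data.decode("latin-1"))
    lines = [squash(l) for l in "\n".join(body).splitlines() if l.strip()]
    if attachments == 0 or len(lines) < 2:
        return None
    for lang, (first, last) in MARKERS.items():
        # Assumption: "first and last sentences" means first and last non-empty lines.
        if lines[0] == first and lines[-1] == last:
            return lang
    return None

def sample(body, attach):
    """Build a constructed message for the demo (not a captured sample)."""
    m = EmailMessage()
    m.set_content(body)
    if attach:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename="example.doc")
    return m.as_string()

if __name__ == "__main__":
    worm_like = sample("Hi! How are you?\nI send you this file in order to have "
                       "your advice\nSee you later. Thanks\n", attach=True)
    discussion = sample("Rules could match on:\nHi! How are you?\n"
                        "See you later. Thanks\nRegards\n", attach=False)
    print(sircam_verdict(worm_like), sircam_verdict(discussion))
```

Because whitespace is stripped before comparison, the spaced-out spelling used in this post compares equal to the plain one; a bare substring rule would instead also block mail that only discusses the phrases.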