Vulnerability Development mailing list archives
Re: Sircam
From: "EPiC" <epic () hack3r com>
Date: Fri, 27 Jul 2001 10:28:22 -0600
I use snort IDS (snort.org) and have written rules to block it.. Also.. it is simple to put the body of the message in postfix mail filtering rules.. block it at the mail server leval. Any questions on how I have done this can be directed to epic () hack3r com EPiC hack3r.com ----- Original Message ----- From: "Stan Lee (OBU-MY)" <Stan_Lee () trend com tw> To: "Dom De Vitto" <dom () devitto com> Cc: <vuln-dev () securityfocus com>; <SECURITY-BASICS () securityfocus com> Sent: Thursday, July 26, 2001 10:08 PM Subject: RE: Sircam
Hi all, do you guys think that scanning and cleaning is what you need you do for this virus??? What if i suggest to STOP the coming of this virus at
all????
You should use a solution that sit on the internet gateway, right after
the
firewall, to STOP all troj_sircam.A at the gateway.. for more detail please visit Trend Micro's site at : www.antivirus.com Stan -----Original Message----- From: Dom De Vitto [mailto:dom () devitto com] Sent: Friday, July 27, 2001 2:44 AM Cc: vuln-dev () securityfocus com; SECURITY-BASICS () securityfocus com Subject: RE: Sircam Can I suggest that everyone vaguely interested go to the Symantec site and look up the details - it's a complex thing SirCam, and does a lot in a lot of ways. e.g. Scans the Temporary Internet Files for any files containing email addresses.... Dom -----Original Message----- From: Kimberly Anne McKinnis [mailto:elf () nauticom net] Sent: 25 July 2001 21:15 To: Tom Geldner Cc: 'Johnson, Greg'; vuln-dev () securityfocus com; SECURITY-BASICS () securityfocus com Subject: Re:SircamFrom what I've read, it looks for any email addresses on the system, notjust in address books. So if webmaster@ was posted on a webpage somewhere, that may be the cause. This subject line is causing some peoples mail servers to reject the mail. Somehow I doubt the real virus is actually going to send with that
subject.
Tom Geldner wrote:-----Original Message----- From: Johnson, Greg [mailto:JohnsonG () missouri edu]Don't let the e-mail tip-off fool you. In our University environment we find this and related worms spread primarily via unprotected writeable Windows shares. It also gets in when a user without up-to-date anti-virus software accesses an e-mail server other than our own which has an anti-virus filter. Bim-ba-boom!Some of our corporate accounts have been pounded on by a particular user on verizon.net. None of those e-mail addresses are from someone's address book. They are all things like info@, webmaster@, postmaster@ etc. so in our case, someone seems to be trying to propogate it deliberately. Tom-- kimmie mckinnis http://www.starjewel.org icq:186072/aol:starbreiz
Current thread:
- Re: Sircam EPiC (Jul 28)