RE: Win32.Sircam.Worm Alert.....

["Jeremy Rodriguez" <jrodriguez () intellinet-tech com>]

Yesterday the worm infected 3 of our systems. Just to test I downloaded it,
save it a specific folder and scanned it with Norton's (using the latest
defs) and to my suprise it did not pick it up.
The fix Symantec has:
http://www.sarc.com/avcenter/FixSirc.com

Did find the worm and repair it.


-----Original Message-----
From: Tom Geldner [mailto:tom () xor cc]
Sent: Tuesday, July 24, 2001 12:35 PM
To: 'Johnson, Greg'; vuln-dev () securityfocus com;
SECURITY-BASICS () securityfocus com
Subject: RE: Win32.Sircam.Worm Alert.....




> -----Original Message-----
> From: Johnson, Greg [mailto:JohnsonG () missouri edu]

> Don't let the e-mail tip-off fool you.
>
> In our University environment we find this and related worms
> spread primarily via unprotected writeable Windows shares.  It
> also gets in when a user without up-to-date anti-virus
> software accesses an e-mail server other than our own which
> has an anti-virus filter. Bim-ba-boom!

Some of our corporate accounts have been pounded on by a particular user
on verizon.net. None of those e-mail addresses are from someone's
address book. They are all things like info@, webmaster@, postmaster@
etc. so in our case, someone seems to be trying to propogate it
deliberately.

Tom