Vulnerability Development mailing list archives
RE: Sircam
From: "Dom De Vitto" <dom () devitto com>
Date: Thu, 26 Jul 2001 19:43:54 +0100
Can I suggest that everyone vaguely interested go to the Symantec site and look up the details - it's a complex thing SirCam, and does a lot in a lot of ways. e.g. Scans the Temporary Internet Files for any files containing email addresses.... Dom -----Original Message----- From: Kimberly Anne McKinnis [mailto:elf () nauticom net] Sent: 25 July 2001 21:15 To: Tom Geldner Cc: 'Johnson, Greg'; vuln-dev () securityfocus com; SECURITY-BASICS () securityfocus com Subject: Re:Sircam
From what I've read, it looks for any email addresses on the system, not
just in address books. So if webmaster@ was posted on a webpage somewhere, that may be the cause. This subject line is causing some peoples mail servers to reject the mail. Somehow I doubt the real virus is actually going to send with that subject. Tom Geldner wrote:
-----Original Message----- From: Johnson, Greg [mailto:JohnsonG () missouri edu]Don't let the e-mail tip-off fool you. In our University environment we find this and related worms spread primarily via unprotected writeable Windows shares. It also gets in when a user without up-to-date anti-virus software accesses an e-mail server other than our own which has an anti-virus filter. Bim-ba-boom!Some of our corporate accounts have been pounded on by a particular user on verizon.net. None of those e-mail addresses are from someone's address book. They are all things like info@, webmaster@, postmaster@ etc. so in our case, someone seems to be trying to propogate it deliberately. Tom
-- kimmie mckinnis http://www.starjewel.org icq:186072/aol:starbreiz
Current thread:
- RE: Win32.Sircam.Worm Alert..... Johnson, Greg (Jul 24)
- RE: Win32.Sircam.Worm Alert..... Tom Geldner (Jul 24)
- RE: Win32.Sircam.Worm Alert..... Jeremy Rodriguez (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Nicolas Gregoire (Jul 25)
- Re:Sircam Kimberly Anne McKinnis (Jul 26)
- RE: Sircam Dom De Vitto (Jul 26)
- <Possible follow-ups>
- Re: Win32.Sircam.Worm Alert..... Kimberly Anne McKinnis (Jul 24)
- Re: Win32.Sircam.Worm Alert - Report from Argentina Mariano Vassallo (Jul 25)
- RE: Win32.Sircam.Worm Alert..... Arturo "Buanzo" Busleiman (Jul 25)
- RE: Win32.Sircam.Worm Alert..... Eric D. Williams (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Nicolas Gregoire (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Bruno Lustosa (Jul 25)
- RE: Win32.Sircam.Worm Alert..... Obert, Jack E. (Jul 25)
- Re: Win32.Sircam.Worm Alert..... Peter Gutmann (Jul 25)
- RE: Win32.Sircam.Worm Alert..... Kyle Plate (Jul 26)
- RE: Win32.Sircam.Worm Alert..... Chris Freels (Jul 26)
(Thread continues...)
- RE: Win32.Sircam.Worm Alert..... Tom Geldner (Jul 24)