RE: Sircam

["Dom De Vitto" <dom () devitto com>]

Can I suggest that everyone vaguely interested go to the Symantec site
and look up the details - it's a complex thing SirCam, and does a lot
in a lot of ways.

e.g. Scans the Temporary Internet Files for any files containing email
addresses....

Dom
-----Original Message-----
From: Kimberly Anne McKinnis [mailto:elf () nauticom net]
Sent: 25 July 2001 21:15
To: Tom Geldner
Cc: 'Johnson, Greg'; vuln-dev () securityfocus com;
SECURITY-BASICS () securityfocus com
Subject: Re:Sircam


> From what I've read, it looks for any email addresses on the system, not
just in address books. So if webmaster@ was posted on a webpage somewhere,
that may be the cause.

This subject line is causing some peoples mail servers to reject the mail.
Somehow I doubt the real virus is actually going to send with that subject.

Tom Geldner wrote:

> > -----Original Message-----
> > From: Johnson, Greg [mailto:JohnsonG () missouri edu]
>
> > Don't let the e-mail tip-off fool you.
> >
> > In our University environment we find this and related worms
> > spread primarily via unprotected writeable Windows shares.  It
> > also gets in when a user without up-to-date anti-virus
> > software accesses an e-mail server other than our own which
> > has an anti-virus filter. Bim-ba-boom!
>
> Some of our corporate accounts have been pounded on by a particular user
> on verizon.net. None of those e-mail addresses are from someone's
> address book. They are all things like info@, webmaster@, postmaster@
> etc. so in our case, someone seems to be trying to propogate it
> deliberately.
>
> Tom

--
kimmie mckinnis
http://www.starjewel.org
icq:186072/aol:starbreiz