Sircam Virus ALERT

Printable View

July 25th, 2001, 12:03 PM
PCSolutions

Sircam Virus ALERT

The Sircam virus seems to be spreading. For the past 2 days I received 3 emails from people that I do not know. All contained attachments & all had the virus.

The text of the email contains:

Hi! How are you?
I send you this file in order to have your advice (there are variations on this line)
See you later. Thanks

The attachments may appear on the face of it to be excel or word documents but they end in com.

Please make sure that you are running up to date antivirus software. DO NOT open any file attachments at all, even from people that you know, without scanning the files FIRST!

Heres the Norton link about this virus http://www.sarc.com/avcenter/venc/[email protected]
If you need the removal tool it is in the link.

------------------
In the beginning there was the command line
July 26th, 2001, 01:38 PM
McStagger

Everyone says this spreads via your address book or other e-mail addresses that you have on your computer. I have trouble believing that simple because I haven't recieved a single instance of SirCam from someone I know. It's all been complete strangers. I get 10 or 12 virus-carrying e-mails a day, and they are people I have never communicated with, ever.

If someone could explain this, I would be in their debt, because this is really irritating.

------------------
If at first you don't succeed, destroy all evidence that you tried
July 26th, 2001, 08:27 PM
Tuttle

The virus contains its own SMTP client and uses that to spread, instead of sending the emails through Outlook. That means it can forge the From: header to whatever it likes instead of being restricted to the infected user's actual details. Infection steps 10 and 11 at that Symantec link describe exactly where it gets the data from.
July 27th, 2001, 06:24 AM
smurfy

Correct tuttle (as usual https://discussions.virtualdr.com/ )

It searches the folders that are referred to by the registry keys
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
Shell Folders\Cache

PCsolutions and I both recieved this nasty several times this week to our email addresses which are available on the main software forum page here (top left). These email addresses are in the IE cache of everyone who loads that page.
McStagger, I can only assume your email address is posted somewhere on the internet.

------------------
Sean (Smurfy)
....................
Please remember that others may need to know the outcome of your problem so please keep us updated.
July 27th, 2001, 09:26 AM
McStagger

Thanks, I though I had read that somewhere (probably the SARC site), but I wasn't sure. This virus isn't really a problem for me, other than filling my inbox with junk, because I usually don't read e-mail from people I don't know and I never open their attachments. I was just curious. Thanks alot everyone, you've helped alot.

------------------
If at first you don't succeed, destroy all evidence that you tried