Did this virus crash your system, Maurice?
Antivirus Vendors Warn Against Sircam
Atypical e-mail-born worm, Sircam, appends your Windows files to an e-mail and sends it on.
Ellen Messmer, Network World Fusion
Friday, July 20, 2001
Antivirus software vendors are raising the alarm about a Windows-based e-mail computer virus dubbed Sircam that can potentially wipe out files on a hard drive or make a computer crash, although it doesn't appear to do so consistently.
Sircam is yet another computer virus that arrives with an e-mail attachment, asking gullible victims--in either Spanish or English--to open an attached document, at which point its damaging payload strikes. Although Sircam doesn't consistently damage every computer it lands on, it may randomly create a new file in a victim's hard drive in order to fill it up and make it crash, or simply delete all the files on the machine.
As an e-mail-born virus that mails itself using a victim's Outlook directory, it can also wreak havoc by jamming e-mail servers.
"It's been reported by more than 25 different corporations already, so we're drawing attention to it," says Steve Trilling, director of research at Symantec's antivirus research center, where the security vendor analyzes new computer viruses and finds defenses for them. Many antivirus vendors, including Network Associates (McAfee) and Trend Micro, also have updates to defend against Sircam.
A Windows Virus That Grows
Sircam differs from e-mail viruses like the recent Anna Kournikova virus in that Sircam is a Windows program that can search a hard drive for document files, Excel spreadsheet files, Zip files, or executable files, and then append them to the end of the attachment it sends.
"It doesn't show up as a second attachment--it just gets bigger," Trilling says. "It's a strange thing, adding it to its own program."
Though Sircam isn't the most destructive virus that the antivirus software vendors have seen, its atypical features have made it a curiosity to antivirus experts eager to see it wiped out.
"What's unique is that it randomly grabs a file name and uses it as a subject line," says Vincent Gullotto, senior director at McAfee's Avert Labs, about the Sircam virus. "Most viruses come with a single subject line or one that gets rotated periodically."
Its ability to change the subject line is causing otherwise cautious people to open the Sircam e-mail attachment.
McAfee has seen the virus slowly succeed in spreading itself over the last few days.
For more information about enterprise networking, go to Network World Fusion. Story copyright 2001 Network World Inc. All rights reserved.
pcworld.com |
