Pastimes : Computer Learning


To: Gottfried who wrote (21398) 7/19/2001 4:57:03 AM
From: thecow
 
defs

Thanks G

tc



To: Gottfried who wrote (21398) 7/20/2001 1:14:56 PM
From: SIer formerly known as Joe B.
 
>>>Norton AV definitions dated 7/17 available. G.

Here's what they blocked:

news.yahoo.com

Friday July 20 11:15 AM EDT

Latest Destructive Virus, SirCam, Spreading Quickly

By Brian Ploskina, Interactive Week

A new virus has been discovered that has the possibility to fill up users' hard drives, delete files,
distribute private documents, hide itself from typical virus scanners, and propagate itself across the
Internet using the Microsoft Outlook address book.

The Symantec Anti-Virus Research Center (SARC) has ranked the threat
of the virus, entitled SirCam, a four, with five being the most serious. The
McAfee Anti-Virus Emergency Response Team (AVERT), as well as the
Trend Micro Virus Information Center, ranks the virus as a medium threat.
SirCam also joined Trend's Worldwide Virus Tracker Top 10 list at
number 3.

The virus usually comes as an e-mail attachment with the file name
"SirCam32.exe." There are several payloads of the virus that randomly
occur. One user could actually be a carrier of the virus but never be
infected.

"When you run it, it does three things that are sort of odd and unusual," said Steve Trilling, director of
SARC.

The first thing it does is compute a random number that has a 1 in 33 chance of triggering the machine
to fill up all the remaining space on the hard disk by adding text to a system file in the Recycle Bin
(c:\recycled\sircam.sys) at each startup.

Next, the virus will check to see if the date is October 16. If it is and the Windows operating system is
using a European date format (day/month/year), then it will again generate a random number that has a
1 in 20 chance of triggering the machine to delete all the files on the hard drive.

Finally, it will export a random document from the hard drive and append it to the body of the virus
when it propagates itself to other users. This could present a privacy breach if the document is
confidential.

Another unusual characteristic of the virus is that when it uploads a file from the hard drive to send to
other users, it will append the file name with either .exe, .bat, .tif, .com, or .link. If it uses .link or .bat,
the virus will essentially "neuter" itself, Trilling says, ceasing to operate.

The virus stores itself in the Microsoft Windows Recycle Bin, where most virus scanners don't scan for
viruses.

Trilling says Symantec, which first discovered and issued a patch for the virus on Monday, has
received 200 submissions of the virus from around the world, 40 of which were from corporate
customers. McAfee has received 50 worldwide submissions, 30 over the evening between Wednesday
night and Thursday morning.

The virus is also a worm, spreading by sending itself out to all the addressees in a person's Microsoft
Outlook address book, and copying itself to any shared drives it finds.

The e-mail that people get is either in English or Spanish, and the body of the message varies although
it typically looks like this:

Hi! How are you?

I send you this file in order to have your advice

I hope you can help me with this file that I send

I hope you like the file that I sendo you

This is the file with the information that you ask for

See you later. Thanks

Patches have been available for download for most of the week from the major anti-virus software
vendors. Those that don't fix their systems could have an ugly awakening October 16, Trilling says.

The last well-known virus to use a date as its trigger was the Chernobyl virus, which went off on April
26, 2000, the anniversary of the Chernobyl incident in Russia. That virus also was distributed months
before the actual trigger date (August 1999), giving users plenty of time to patch their systems before
the virus went off.

Vincent Gullotto, senior director of McAfee AVERT, says not everyone patches their anti-virus
systems. Among McAfee's customer base, Gullotto says about 50 to 60 percent perform weekly
updates, another 30 percent update monthly, and the rest either update less often or not at all.
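
As an added illustration (not part of the thread or the quoted article), here is a mail-triage heuristic built only from the traits the article lists: an attachment whose name has one of the listed extensions appended to a document name, and a body carrying the quoted greeting and sign-off. The function names and the sample message are constructed for this example; the extension list and body lines are taken from the article as written.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article says get appended to the borrowed file's name.
APPENDED_EXTS = {".exe", ".bat", ".tif", ".com", ".link"}
# Opening and closing lines of the message body quoted in the article.
BODY_MARKERS = ("Hi! How are you?", "See you later. Thanks")

def triage(raw_message: str) -> list:
    """Return the reasons a message matches the article's description."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            # budget.doc.exe has two suffixes; a plain notes.txt has one.
            if len(suffixes) >= 2 and suffixes[-1] in APPENDED_EXTS:
                reasons.append(
                    f"attachment {name!r}: extension {suffixes[-1]} "
                    f"appended to {suffixes[-2]}"
                )
        elif part.get_content_type() == "text/plain":
            text = part.get_content()
            if all(marker in text for marker in BODY_MARKERS):
                reasons.append("body matches quoted greeting and sign-off")
    return reasons

def build_sample(filename: str, body: str) -> str:
    """Build a constructed test message with a placeholder attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

# Constructed body using lines quoted in the article.
SAMPLE_BODY = ("Hi! How are you?\n"
               "I send you this file in order to have your advice\n"
               "See you later. Thanks\n")

if __name__ == "__main__":
    for reason in triage(build_sample("budget.doc.exe", SAMPLE_BODY)):
        print(reason)
```

A match is only a prompt for closer inspection; a single-extension attachment such as the "SirCam32.exe" name the article mentions is not flagged by the filename rule.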



To: Gottfried who wrote (21398) 7/22/2001 12:40:32 AM
From: SIer formerly known as Joe B.
 
Norton AV definitions dated 7/18 available. G. [end] :)



To: Gottfried who wrote (21398) 7/22/2001 12:40:32 AM
From: SIer formerly known as Joe B.
 
Last post didn't load at first, I resubmitted it then the 1st one posted.