|
|
|
() http://www.cert.org/advisories/CA-2001-22.html
Overview
"W32/Sircam" is malicious code that spreads through email and potentially through unprotected network shares. Once
the malicious code has been executed on a system, it may reveal or delete sensitive information.
As of 10:00EDT(GMT-4) Jul 25, 2001 the CERT/CC has received reports of W32/Sircam from over 300 individual sites.
I. Description
W32/Sircam can infect a machine in one of two ways:
When executed by opening an email attachment containing the malicious code
By copying itself into unprotected network shares
Propagation Via Email
The virus can appear in an email message written in either English or Spanish with a seemingly random subject line.
All known versions of W32/Sircam use the following format in the body of the message:
English
Spanish
Hi! How are you?
[middle line]
See you later. Thanks
Hola como estas ?
[middle line]
Nos vemos pronto, gracias.
Where [middle line] is one of the following:
English
I send you this file in order to have your advice
I hope you like the file that I sendo you
I hope you can help me with this file that I send
This is the file with the information you ask for
Spanish
Te mando este archivo para que me des tu punto de vista
Espero te guste este archivo que te mando
Espero me puedas ayudar con el archivo que te mando
Este es el archivo con la informacion que me pediste
Users who receive copies of the malicious code through electronic mail might recognize the sender. We encourage
users to avoid opening attachments received through electronic mail, regardless of the sender's name, without prior
knowledge of the origin of the file or a valid digital signature.
http://www.cert.org/advisories/CA-2001-22.html
The link has more complete information.
By the way, a credible source has received the virus from four unknown people and he doesn't think that he is on their address books. It appears that it can also pick up addresses from cached html files and sends out to those as well.
|
|