List: focus-virus
Subject: Re: p5-v2-r (fwd)
From: "Nick FitzGerald" <nick () virus-l ! demon ! co ! uk>
Date: 2001-07-20 22:48:20
Jose Nazario <jose@biocserver.BIOC.cwru.edu> wrote:
> i got two mail messages, unsolicited, probably from list traffic. the text
> of the messages reads:
>
> Hi! How are you?
>
> I send you this file in order to have your advice
>
> See you later. Thanks
>
> --- END
>
> with an attachment. the first is:
>
> Computer Service.xls.com
>
> and the second is:
>
> p5-v2-r.doc.lnk
>
> neither one decodes in pine (base64 errors), so i can't evaluate them via
> strings. both are from outlook express machines (wow, big surprise), so
> i'm suspecting an email virus.

Almost guaranteed to be Win32/SirCam. It is doing the rounds at the
moment and will fool a lot of people, sending copies of potentially
private or confidential data off their machines in the form of DOC,
XLS or ZIP files found in the My Documents folder.

> searches on these bring up nothing. any ideas?

...IIRC that is because those names are taken from the original
filenames of the "stolen documents".

You should write back to these people pointing out they are "leaking"
information they most probably do not want leaked and tell them to
update their AV software and check out their vendor's website for
details on SirCam. Here are the URLs for some of the larger AV
vendors' descriptions of SirCam:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A
http://www.ca.com/virusinfo/encyclopedia/descriptions/s/sircam137216.htm
http://www.f-secure.com/v-descs/sircam.shtml
http://www.viruslist.com/eng/viruslist.asp?id=4225&key=00001000130000100088
http://vil.nai.com/vil/virusSummary.asp?virus_k=99141
http://www.sophos.com/virusinfo/analyses/w32sircama.html
http://www.sarc.com/avcenter/venc/data/w32.sircam.worm@mm.html
Regards,
Nick FitzGerald
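
An added example, not part of the original message: a mail-filter check that flags attachments whose name ends in a document extension followed by a launchable one, as in the two filenames quoted in the thread. It reads only the MIME headers, so it still works when the base64 body will not decode; the extension sets, function names and sample message are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Document types named in the reply (DOC, XLS, ZIP).
DOCUMENT_EXTS = {".doc", ".xls", ".zip"}
# .com and .lnk appear in the thread; the others are assumptions for this example.
LAUNCHABLE_EXTS = {".com", ".lnk", ".exe", ".bat", ".pif", ".scr"}

def double_extension(filename):
    """Return (document_ext, launchable_ext) when the last two extensions
    are a document type followed by a launchable type, else None."""
    # Strip whitespace around each component so space padding cannot hide the pair.
    parts = [p.strip().lower() for p in filename.split(".")]
    if len(parts) < 3:
        return None
    inner, outer = "." + parts[-2], "." + parts[-1]
    if inner in DOCUMENT_EXTS and outer in LAUNCHABLE_EXTS:
        return inner, outer
    return None

def flag_attachments(raw_bytes):
    """Return the attachment filenames in a raw message that match the pattern.
    Only headers are inspected; attachment bodies are never decoded."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if name and double_extension(name):
            hits.append(name)
    return hits

def build_sample():
    """Constructed sample message: two suspicious names from the thread, one benign."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Hi! How are you?\n")
    for name in ("Computer Service.xls.com", "p5-v2-r.doc.lnk", "notes.doc"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in flag_attachments(build_sample()):
        print("flagged:", name, double_extension(name))
```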