I hate to blast this out to these lists, but today i have received several
copies of the w32.sircam.worm from addresses i recognize from various ham mail
lists. this one spreads very quickly. you can identify messages containing it
at a glance because the subject of the message matches the file name of an
attachment... the attachments normally have strange combination file names
like xxxxxxx.doc.pif, or yyyyyy.txt.bat, or zzzzzzzzzzzz.doc.com, some
browsers may not show you the .bat, .com, or .pif extensions so it may look like
a harmless text file... in the above cases the subject of the message would be
xxxxxxxx or yyyyyyy or zzzzzzzzzzz to match the file name. in all cases the
files are actual files off your hard drive with the worm added to it, so you
could compromise data on your machine also. in several cases the files i have
received have been megabytes long which tie up my mail download the the cluster
node for quite a while.
the text is always a very simple message about 'here is a file for your
comment', sometimes the text appears as an attachment also.
see the description at:
yes, i am an IT professional, even though i don't play one on tv.
David Robbins K1TTT
AR-Cluster node: 145.69MHz or telnet://k1ttt.net
FAQ on WWW: http://www.contesting.com/FAQ/towertalk
Administrative requests: towertalk-REQUEST@contesting.com