[CQ-Contest] V_I_R_U_S A_L_E_R_T

David Robbins k1ttt at berkshire.net
Mon Jul 30 20:07:06 EDT 2001


I hate to blast this out to these lists, but today i have received several
copies of the w32.sircam.worm from addresses i recognize from various ham mail
lists.  this one spreads very quickly.  you can identify messages containing it
at a glance because the subject of the message matches the file name of an
attachment... the attachments normally have strange combination file names
like   xxxxxxx.doc.pif, or yyyyyy.txt.bat, or zzzzzzzzzzzz.doc.com, some
browsers may not show you the .bat, .com, or .pif extensions so it may look like
a harmless text file... in the above cases the subject of the message would be
xxxxxxxx or yyyyyyy or zzzzzzzzzzz to match the file name.  in all cases the
files are actual files off your hard drive with the worm added to it, so you
could compromise data on your machine also.  in several cases the files i have
received have been megabytes long which tie up my mail download the the cluster
node for quite a while.

the text is always a very simple message about 'here is a file for your
comment', sometimes the text appears as an attachment also.

see the description at:
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

yes, i am an IT professional, even though i don't play one on tv.

-- 
David Robbins K1TTT
e-mail: mailto://k1ttt@berkshire.net
web: http://www.k1ttt.net
AR-Cluster node: 145.69MHz or telnet://k1ttt.net


--
CQ-Contest on WWW: http://lists.contesting.com/_cq-contest/
Administrative requests: cq-contest-REQUEST at contesting.com




More information about the CQ-Contest mailing list