SIRCAM Virus Bulletin
Subject: MUST READ: SirCam Virus Prevention
Date: Mon, 13 Aug 2001 09:22:21 -0400
From: "T.C. Kearns"
Organization: Frontier !nter@ctive
To: "T.C. Kearns"
Good morning:

I need you to check and possibly change some of your email settings in order to increase the security of the email portion of the server from an email virus called SirCam. This message contains what to look out for, the steps to take and a link for the full scoop on SirCam. Please forward this message to everyone in your organization.

First and foremost, until I notify you otherwise, please set your mail client (program) so that you do not save your password for your Frontier Interactive-supplied email account and set it to check for mail at your request. In other words, DO NOT have the program set to retrieve mail every 5 minutes automatically. The bottom line is that you can only check mail if you save the password into your settings. With SirCam, this is a major no-no. Please make this change to your PC today.
For more about SirCam, see this CERT Advisory from July 25. The URL is:
http://www.cert.org/advisories/CA-2001-22.html
Already last week, another Frontier Interactive client downloaded this message, opened the attachment and, without his knowledge, SirCam began sending thousands of unsolicited emails from his desktop. By the way, Mac / Apple computers are not affected by SirCam. Only Windows OS computers. The net effect is that a percentage of these emails were being returned to the server as undeliverable. At 220KB per email, it didn't take long for the root mail account to overflow and prevent ANY email from being received. This occurred during the overnight hours of Wed, Aug. 8 and was corrected by the morning. Any email sent to you during this time would have been returned to the sender as undeliverable.
Here's what the email message will look like:

The virus can appear in an email message written in either English or Spanish with a seemingly random subject line. All known versions of W32/Sircam use the following format in the body of the message:

English
    Hi! How are you?
    [middle line]
    See you later. Thanks

Spanish
    Hola como estas ?
    [middle line]
    Nos vemos pronto, gracias.

Where [middle line] is one of the following:

English
    I send you this file in order to have your advice
    I hope you like the file that I sendo you
    I hope you can help me with this file that I send
    This is the file with the information you ask for

Spanish
    Te mando este archivo para que me des tu punto de vista
    Espero te guste este archivo que te mando
    Espero me puedas ayudar con el archivo que te mando
    Este es el archivo con la informacion que me pediste
Users who receive copies of the malicious code through electronic mail might recognize the sender. We encourage users to avoid opening attachments received through electronic mail, regardless of the sender's name, without prior knowledge of the origin of the file or a valid digital signature.

Finally, I believe that you will receive one of these messages. Just this morning, there was another in my box from a contact in India whose email address I recognized:
"Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks"
While there is no harm in downloading and reading the message, I did not open the attachment.
Again, please make these changes to your mail settings, shut off your connection when not using the internet, and turn off your PC at the end of the day.
If you follow these directions, you will be practicing safe computing.
Please contact me by email or phone 609-714-7100 if you have any questions.
Best regards,
Tim Kearns
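
The three-line body format listed in the bulletin above can be checked mechanically at a mail gateway or in a mailbox sweep. The Python below is an added example, not part of the original bulletin or the CERT advisory; the function names and the normalization rules (case, accents, punctuation and quote prefixes ignored) are assumptions made for illustration.

```python
import re
import unicodedata

# Body templates exactly as listed in the bulletin: (greeting, middle lines, closing).
TEMPLATES = {
    "English": (
        "Hi! How are you?",
        ["I send you this file in order to have your advice",
         "I hope you like the file that I sendo you",
         "I hope you can help me with this file that I send",
         "This is the file with the information you ask for"],
        "See you later. Thanks",
    ),
    "Spanish": (
        "Hola como estas ?",
        ["Te mando este archivo para que me des tu punto de vista",
         "Espero te guste este archivo que te mando",
         "Espero me puedas ayudar con el archivo que te mando",
         "Este es el archivo con la informacion que me pediste"],
        "Nos vemos pronto, gracias.",
    ),
}

def _norm(line):
    """Lower-case, strip accents, turn punctuation (quotes, '>' prefixes) into spaces, collapse whitespace."""
    line = unicodedata.normalize("NFKD", line)
    line = "".join(c for c in line if not unicodedata.combining(c))
    line = re.sub(r"[^a-z0-9 ]+", " ", line.lower())
    return " ".join(line.split())

def match_sircam_body(body):
    """Return 'English' or 'Spanish' when greeting, a listed middle line and closing
    appear on three consecutive non-empty lines; otherwise return None."""
    lines = [n for n in (_norm(raw) for raw in body.splitlines()) if n]
    for lang, (greet, middles, close) in TEMPLATES.items():
        g, c = _norm(greet), _norm(close)
        mids = {_norm(m) for m in middles}
        for i in range(len(lines) - 2):
            if lines[i] == g and lines[i + 1] in mids and lines[i + 2] == c:
                return lang
    return None
```

A message that quotes the worm's text, such as this bulletin, also matches, so treat a hit as a reason to hold the message and inspect its attachment rather than as proof of infection.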