Posted: 9/4/2001 12:49:18 AM EST
To my yahoo account. Maybe someone at Intel didn't like me advising Frank The Spank on activating the "worm". I dunno.

Scan Result
Name of File: Vivian_Martin.doc.pif
Type of File: application/mixed
Scan Result: Virus W32.Sircam.Worm@mm found. File NOT cleaned.
229k

From: "Vivian Martin" | Block Address | Add to Address Book
To: rjw000@yahoo.com
Subject: Vivian Martin
Date: Mon, 3 Sep 2001 13:31:24 -0700

Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
Link Posted: 9/4/2001 12:50:30 AM EST
It's either Intel or the "gypsies". I nominated them on SteyrAug's thread.
Link Posted: 9/4/2001 12:54:01 AM EST
I have received 12 of those types of emails in the last month. What in the hell did I do to deserve it?
Link Posted: 9/4/2001 1:05:28 AM EST
That's a pretty good sized file isn't it? Probably something more than just a "Word" macro virus.
Link Posted: 9/4/2001 1:06:41 AM EST
Originally Posted By Imbroglio: I have received 12 of those types of emails in the last month. What in the hell did I do to deserve it?
You bashed Miss Cleo and she be a Shamon.
Link Posted: 9/4/2001 1:07:50 AM EST
Maybe I'll transfer it to one of my spare notebooks and open it.
Link Posted: 9/4/2001 2:53:04 AM EST
Just did some research, that's a pretty serious sounding "worm".

http://www.sarc.com/avcenter/venc/data/w32.sircam.worm@mm.html

W32.Sircam.Worm@mm
Discovered on: July 17, 2001
Last Updated on: August 21, 2001 at 03:13:03 PM PDT

Due to an increased rate of virus submissions, The Symantec AntiVirus Research Center (SARC) has upgraded W32.Sircam.Worm@mm from a level 3 to a level 4 virus threat.

W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm.

Due to what appears to be a bug, this worm does not replicate under Windows NT or 2000.

SARC has created a tool to remove this worm.

CAUTION: In some cases, if you have had NAV quarantine or delete infected files, you will not be able to run .exe files, however you will still be able to run the removal tool.

To obtain the W32.Sircam.Worm@mm removal tool, please click here.

Also Known As: W32/SirCam@mm, Backdoor.SirCam
Type: Worm
Virus Definitions: July 17, 2001

Threat Assessment:
Wild: High
Damage: Medium
Distribution: High

Wild:
Number of infections: More than 1000
Number of sites: More than 10
Geographical distribution: Medium
Threat containment: Moderate
Removal: Moderate

Damage:
Payload Trigger:
1) October 16th, or some attached file contents, triggers file deletion payload.
2) If the file deletion occurred, or after 8000 executions, triggers the space filler payload.
Payload:
Large scale e-mailing: The worm appends a random document from the infected PC to itself and sends this new file via email
Deletes files: 1 in 20 chance of deleting all files and directories on C:. Only occurs on systems where the date is October 16 and which are using D/M/Y as the date format. Always occurs if attached file contains "FA2" not followed by "sc".
Degrades performance: 1 in 50 chance of filling all remaining space on the C: drive by adding text to the file c:\recycled\sircam.sys
Releases confidential info: It will export a random document from the hard drive by appending it to the body of the worm

Distribution:
Subject of email: Random subject - the filename of the attachment
Name of attachment: A file from the sender's computer with the extension .bat, .com, .lnk, or .pif added to it.
Size of attachment: at least 134kb long
Shared drives: searches for shared drives and copies itself to those it finds

Technical description:
This worm arrives as an email message with the following content:
Subject: The subject of the email will be random, and will be the same as the file name of the email attachment.
Attachment: The attachment is a file taken from the sender's computer and will have the extension .bat, .com, .lnk or .pif added to it.
Message: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.
Link Posted: 9/4/2001 2:55:35 AM EST
I have also never seen a double extension before. Vivian_Martin.doc.pif
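Added example, not part of any post in this thread: a mail-filter check for the delivery traits the quoted advisory lists (an appended .bat/.com/.lnk/.pif extension after a document-style name, a subject matching the attachment's file name, an attachment of at least 134 KB). The function names, the constructed sample message, and the choice to treat "_" and a space as equal when comparing subject and file name are assumptions made for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the quoted advisory says are added to the borrowed file name.
APPENDED_EXTS = {"bat", "com", "lnk", "pif"}
MIN_SIZE = 134 * 1024  # advisory: attachment is "at least 134kb long"

def sircam_indicators(raw_message: bytes) -> list:
    """Return which of the advisory's delivery traits a raw message matches."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        pieces = name.lower().rsplit(".", 2)  # [stem, inner ext, outer ext]
        if len(pieces) != 3 or not pieces[1] or pieces[2] not in APPENDED_EXTS:
            continue  # no document-style name with an appended extension
        hits.append(f"double extension: {name}")
        # Assumption: "_" and " " are treated as equal, as in the post's sample.
        if subject == pieces[0].replace("_", " "):
            hits.append("subject equals attachment file name")
        size = len(part.get_payload(decode=True) or b"")
        if size >= MIN_SIZE:
            hits.append(f"attachment size {size} bytes")
    return hits

def build_sample(filename: str, size: int, subject: str) -> bytes:
    """Constructed test message; the attachment body is inert zero bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "recipient@example.invalid"
    m["Subject"] = subject
    m.set_content("Hi! How are you?")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("Vivian_Martin.doc.pif", 229 * 1024, "Vivian Martin")
    for hit in sircam_indicators(raw):
        print(hit)
```

A single-extension name such as setup.pif is deliberately not flagged here, since the check targets only the appended-extension pattern the advisory describes.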
Link Posted: 9/4/2001 4:35:19 AM EST
Link Posted: 9/4/2001 6:22:37 AM EST
That stupid sircam infected my laptop when I hooked it up at work, and I brought it home. I checked my email, and did not get any attachments. Since I don't use Outlook, there must be another machine at work infected and it came across on a network share. The worst part is that it got by McAfee. I'm thinking about switching to Norton.
Link Posted: 9/4/2001 7:09:06 AM EST
Definitely go w/ Norton, my brother! I had the same thing happen to me a few times, an e-mail sent by Snow White that I didn't even open, but infected my PC anyways. I tried the Startup discs several times, but it was still there. I called McAfee & was told that their only support was to be found online. Yeah, right! If I could get online I wouldn't be calling you, now would I? Anyways, 2 minutes after loading Norton it told me that it found the virus & would repair what it could & either delete or quarantine what it couldn't. Not a blip since.
Link Posted: 9/5/2001 10:09:09 AM EST
You need to forward a copy of that email to rectec.com and let them know that this is a criminal matter and you need info on the user. I'd file a report on this...
Link Posted: 9/6/2001 2:47:52 AM EST
Originally Posted By Ticonderoga: You need to forward a copy of that email to rectec.com and let them know that this is a criminal matter and you need info on the user. I'd file a report on this...
Ok, I'll see what can be done.