Wireless Developer Network - Daily News
Sircam Virus Widely Spreads
July 27, 2001 (TOKYO) -- The damage caused by the "W32/Sircam" computer
virus is expanding in Japan.
The computer virus infects Windows 9x. There have been a great number of
reports from all parts of the world on the damage caused by the virus since
it was first detected around July 17, 2001. Users and anti-virus software
houses are busy taking countermeasures against the virus. On July 26, Trend
Micro Inc. raised its assessment of the danger level of the virus to the
maximum. On July 25 U.S. time, the CERT Coordination Center, a U.S.-based
Internet security organization, issued a warning on the virus.
Sircam sends out files stored on a personal computer without the user's
knowledge and erases data on the hard disk drive. It copies itself through
both e-mail and network shares, which is why it spreads so readily.
E-mails infected with Sircam contain a message written in either English or
Spanish. The English version begins with the sentence, "Hi! How are you?"
It is followed by a seemingly random subject line, for example, "I sent you
this file in order to get your advice" or "I hope you like the file that I
sent you." It concludes with the sentence, "See you later. Thanks."
Sircam itself is attached to the e-mail under a file name such as
"SirC32.exe" or "(certain words).doc.com." When the user opens the malicious
attachment, the virus begins infecting the system. The infection is
difficult for users to notice, however, because even when document files are
infected, the Word files still open in the usual way.
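
The message traits described above can be checked at a mail gateway. The following is an added example, not code from the article or from any anti-virus vendor; the function names, the list of executable extensions and both sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Traits taken from the article's description of the English-language message.
OPENING = "Hi! How are you?"
CLOSING = "See you later. Thanks"
KNOWN_NAMES = {"sirc32.exe"}
DOCUMENT_EXTS = {"doc", "xls", "zip", "exe"}  # file types the article says are collected
# Assumption for this example: trailing extensions that Windows runs as programs.
EXECUTABLE_EXTS = {"exe", "com", "bat", "pif", "lnk"}


def double_extension(filename):
    """True for names like 'budget.doc.com': a document extension, then an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DOCUMENT_EXTS and parts[2] in EXECUTABLE_EXTS


def inspect_message(raw):
    """Return the reasons a raw RFC 822 message matches the traits described above."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    if text.startswith(OPENING) and text.rstrip(".").endswith(CLOSING):
        reasons.append("body-markers")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower() in KNOWN_NAMES:
            reasons.append("known-name:" + name)
        elif double_extension(name):
            reasons.append("double-extension:" + name)
    return reasons


def build_sample(body, filename):
    """Build a constructed test message with placeholder attachment bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "budget"
    msg.set_content(body)
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


# Constructed samples: one with the described traits, one ordinary message.
SUSPECT = build_sample("Hi! How are you?\nI hope you like the file that I sent you.\n"
                       "See you later. Thanks.", "budget.doc.com")
BENIGN = build_sample("Minutes from Tuesday attached.", "minutes.doc")
```

The double-extension check is the more durable of the two signals, since it does not depend on the wording of the message.
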
The Sircam infection proceeds as follows. First, it copies itself onto the
user's computer system, installing a copy of itself in the Recycled folder
(C:\Recycled) and in the Windows system folder. Then it creates a copy on
any network computer it has found, and sends itself and files from the
computer system through e-mail.
Sircam does not send infected e-mails through the user's mail client;
instead it uses its own built-in Simple Mail Transfer Protocol
(SMTP) client. "Sircam obtains the SMTP information from the
user's Outlook Express or Outlook, and sends infected e-mails using the
setting," said an official of Symantec Corp. According to Trend Micro, the
virus also sends e-mails by using an SMTP server on the Internet that the
users have set up beforehand for their own use.
Sircam obtains e-mail addresses from two sources and sends infected e-mails
to those addresses. One source is the Windows address book, which has the
extension "wab" (Windows Address Books). The other is the cache where HTML
files that the user has viewed in a Web browser are
stored. "Sircam sends infected e-mails to addresses on all Web sites that
the user accessed by using a Web browser, including bulletin boards," said
an official of Japan Computer Research Center. This is one of the reasons
why the virus is spreading indiscriminately. Sircam also collects files with
extensions such as "doc," "xls," "zip" and "exe" from the Desktop and My
Documents folders, and sends them as e-mail attachments.
Anti-virus software houses, including Trend Micro and Symantec, are
distributing tools for removing Sircam on their Web sites. Users are
advised to promptly update the data of the anti-virus software installed
on their PCs and not to open files attached to e-mails unless
absolutely necessary.