The Sircam Virus

The Sircam Virus
by Membrane.com Staff Writer
July 26, 2001

A newer virus called "The Sircam Virus" has been spreading at an alarming rate. In fact, our security staff has never seen a virus with such a devastating impact.

We've seen more cases of the Sircam Virus than the Snow White, I Love You and Anna Kournikova viruses combined.
-- Daniel Brouse, Security Advisor, InternetU.org

About Sircam

The worm uses Windows' Outook Express Address Book to send the virus, as well as, personal information from the infected computer. [Since this article was published, new mutations of the virus have been found to attack other email clients, such as, Eudora.] The worm will also try to look for e-mail addresses on other parts of the computer. If the infected computer is set-up with an e-mail account, the worm will send out the virus whenever it is connected to the Internet. The subject line and the file name of the virus changes each time it is sent out. However, the body of the email message usually starts the same way:
ENGLISH
Hi! How are you

I send you this file in order to have your advice

See you later Thanks


SPANISH
Hola como estas

Te mando este archivo para que me des tu punto de vista

Nos vemos pronto gracias

What Sircam Does

Sircam causes at least three types of devastation.
  1. Personal security and privacy -- the owner of the infected computer is faced with severe liability issues. (The "owner" of the infected computer is likely attacking other computers, sending out other people's personal information, hindering other businesses' activities, to mention a few potential costs.)
  2. On October 16, one out of every 20 infected computers will have their drive containing Windows deleted.
  3. On any other given day, one in 50 infected computers will run a program that fills up the harddrive until the computer crashes.

What To Do If You Have Sircam

  1. Do not connect to the Internet.
  2. Boot the infected computer with a clean DOS start-up floppy disk.
  3. Run F-prot (or other current virus software.)
  4. Attempt to apologize to all those you have sent the virus to and offer to help those that you have infected.

No one is sure that these viruses aren't leaving remnants behind. The only way you can know for sure is to throw away the machines. The next best alternative would be to reformat the harddrive and re-install the operating system.
-- InternetU.org Security Dept.

Update News Article on Sircam
F-prot Virus Protection
Security Homepage