Tip

Top virus threats, part three: Sircam



This is the third tip in a series.

Viruses are not all created equal. Some cause more damage, and some spread quickly to a large number of systems. Fortunately, only a few viruses both cause lots of damage and spread quickly, so most viruses are not a big threat. However, those few viruses that are a serious threat are all the reason you need for a multi-level virus protection and removal system.

To help you understand why virus protection is necessary, let's take a quick look at the top four viruses currently found in the wild ("in the wild" means actively infecting computers around the world via the Internet or other means).

The virus that is generally considered to be the third-worst virus or worm currently circulating on networks across the globe is W32.Sircam.Worm@mm. The threat from Sircam is multi-faceted. It includes its own SMTP server (outbound e-mail server), which it uses to e-mail random files from a computer to any e-mail address it finds on the local system. Sircam discovers e-mail addresses by looking for them in sho*., get*., hot*. and *.htm files and in the Windows Address Book files (.wab). The e-mail sent out by Sircam has a random file attached to it (which has been infected with Sircam), and it will have a random subject (often the name of the attached file).
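A mail-gateway heuristic built on the trait described above, that the subject line is often the name of the attached file. This is an added example, not code from the original tip or from any antivirus product; the function names, addresses and file names are constructed, and a match is a reason to scan the attachment, not proof of infection.

```python
"""Flag mail whose Subject is just the name of one of its attachments."""
import re
from email import message_from_string, policy
from email.message import EmailMessage


def _norm(text):
    # Case-fold and collapse punctuation so "Q3_Budget" matches "q3 budget".
    return re.sub(r"[\W_]+", " ", str(text)).strip().casefold()


def attachment_stems(filename):
    """Return the normalized name with each trailing extension peeled off."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stems = {_norm(name)}
    while "." in name.strip("."):
        name = name.rsplit(".", 1)[0]
        stems.add(_norm(name))
    return stems


def subject_matches_attachment(raw_message):
    """Return the attachment filenames whose stem equals the Subject."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = _norm(msg.get("Subject", ""))
    if not subject:
        return []
    hits = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename and subject in attachment_stems(filename):
            hits.append(filename)
    return hits


def build_sample(subject, filename):
    # Constructed test message; addresses use reserved example domains.
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.org"
    msg["Subject"] = subject
    msg.set_content("Hi, please see the attached file.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    for subj, fname in [("Q3_Budget", "Q3_Budget.doc"), ("Meeting notes", "agenda.pdf")]:
        print(subj, "->", subject_matches_attachment(build_sample(subj, fname)))
```

People do legitimately send files with the file name as the subject, so treat a hit as a signal to combine with attachment scanning rather than as a blocking rule on its own.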

Once a system is infected, the Sircam virus writes itself to several locations on the local hard drive(s) and even alters the local Registry. Sircam is network aware and will attempt to copy itself to other computers on the network using names discovered in the local NetBIOS cache. Built into Sircam is the ability to delete every file from the C drive of a system or to completely consume all free space on a drive. Fortunately, the virus has an error in its programming, and these features are rarely activated.

Due to another error in its programming, Sircam does not replicate itself under Windows NT, 2000 or XP. However, it is very effective at replicating on all other Windows operating systems.

Sircam spreads itself very quickly, and even now, nearly a year after its discovery, it is still very rampant. Due to its programming errors, its damaging effects on infected systems are only moderate.

Most antivirus products are able to detect, remove and disable this virus/worm. However, if your system is already infected, you need to manually clean up its artifacts to guarantee that you will not remain infected or accidentally infect others. For details on reversing the changes to systems infected by the W32.Sircam.Worm@mm virus, please visit one of the following:
Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
McAfee: http://vil.mcafee.com/dispVirus.asp?virus_k=99141
TrendMicro: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_SIRCAM.A


About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.

This was first published in April 2002
