virus alert

Jeff · July 27, 2001, 10:13:06 AM

Forum members watch out, I have had this sent to me twice since last night. Its out there big time!
you can go to www.macafee.com for more info then I have here. Remember to keep your virus software updated! I do it every 3rd day!

www.McAfee.com has seen a large and growing number of consumer
computers infected with W32/SirCam@MM. This is a HIGH RISK
VIRUS FOR CONSUMERS. The infected email can come from
addresses that you recognize. Attached is a file with two
different extensions. The file name itself varies.

The email message can appear as follows:

Subject: [filename (random)]
Body: [content varies]

Hi! How are you?
I send you this file in order to have your advice
or I hope you can help me with this file that I send
or I hope you like the file that I sendo you
or This is the file with the information that you ask for
See you later. Thanks

--- the same message may be received in Spanish ---

Hola como estas ?
Te mando este archivo para que me des tu punto de vista
or Espero me puedas ayudar con el archivo que te mando
or Espero te guste este archivo que te mando
or Este es el archivo con la información que me pediste
Nos vemos pronto, gracias.

The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG,
.PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder
and attempts to send copies of these documents to email
recipients found in the Windows Address Book and addresses
found in cached files.

RavioliKid · July 29, 2001, 12:07:28 PM

I got one of those. I was proud of myself for not opening it. ;)

Kevin · July 29, 2001, 08:07:06 PM

The Milling Group just received the virus asking for advice from a Betsy Miner.

Jeff · July 30, 2001, 10:14:41 AM

I received the *DanG thing 2 more times this morning!

Don P · July 30, 2001, 12:00:08 PM

Heard a bit on it this am on NPR calling it sir cam (or sounded like that anyway).
Apparently there is a red worm out also, was supposed to gang up on the white house system.

Ron Scott · July 30, 2001, 07:07:35 PM

I've received it twice!

Jeff · July 30, 2001, 07:44:48 PM

I can't believe how wide spread this one is. I just got another. This one was from steve and Ann kimball.??? subject: Joke software. But the same I hope you like the file that I sendo you message.

I looked at the attachement. Its over 300kb. thats big. Most worms or virus's due thier nastys at a much smaller size.

My Son's girl Friend opened Hers on her dads puter. DUH. I guess we'll see what it takes to clean it out now

nfp · July 30, 2001, 08:16:38 PM

this is the third one in 4 days just got one when opened sawmilling post on this forum. knocked out of aol with error elert, started over, aol up dated 20 sec. didnt go into sawmilling first went to chainsaw first ok when opened sawmilling tried to do its nastieeeee again double clicked again went in. i have deleated all unknown e-mail for 3 days, what can we do? later nfp

Jeff · July 30, 2001, 09:00:38 PM

You can't get a virus from an e-mail! You get the virus from attachments that come in the e-mail.

Never open an attachment that you do not know that is coming. Even if it is from your mother. Delete the thing. If it was from mom ask her, she will send it again.

The problem with most of these things is they do attach to your address book and send their selves to people you know. The problem with this one is I don't know any of the people that I have gotten this from.

Jeff · July 31, 2001, 10:44:04 PM

Do you ya'll know that your virus software is worthless defending against worms or virus's created after you installed the software?

Do you go to your virus software manufactures website and upgrade regularly? If you don't you will be infected eventually. Virus software defeats virus's it knows about. When Mcafee or Norton get word on a new virus, they create dat files to upgrade your software. If you do not go and do that regularly, you are unprotected.

Because of my work, and responsibility to my web clients, I am more aware then most because of the large amount of varied data I receive. I update our files twice a week.

Don P · September 18, 2001, 11:34:20 AM

Just heard there's a new virus out, sorry , only detail was to watch e-mail attachments. Gonna go update!

Jeff · September 18, 2001, 04:30:39 PM

The new virus, or "worm" is a webserver worm. Not unlike the red alert of last month. This is why you are experiencing a slow forum. Our server is upgrading its firewall, and things should be normal soon.

Nimda (w32.nimda.amm)

WASHINGTON (AP) _ Anti-virus researchers were
fighting a new Internet attacker Tuesday similar to the
"Code Red" worm that infected hundreds of thousands of
computers several months ago.

The worm, known as "W32.Nimda," had affected
"thousands, possibly tens of thousands" of targets by
midday Tuesday, according to Vincent Gullotto, head virus
fighter at McAfee.com, a software company.

Even when the attack isn't successful, the worm's
scanning process can slow down the Internet for many
users and can have the effect of knocking Web sites or
entire company networks offline.

The FBI is investigating the worm, said spokeswoman
Debbie Weierman. The agency has not indicated whether
the worm is connected to last week's terrorism attacks.

On security e-mail lists, system administrators nationwide
reported unprecedented activity related to the worm,
which tries to break into Microsoft's Internet Information
Services software. That software was the same targeted
by Code Red, and is typically found on computers running
Microsoft Windows NT or 2000.

Most home users, including those running Windows 95,
98 or ME, are not affected.

Ken Van Wyk, chief technology officer at ParaProtect,
said the worm tries to wriggle in through 16 known
vulnerabilities in Microsoft's IIS, including the security
hole left in some computers by the "Code Red II" worm,
which followed Code Red in August.

Code Red, by comparison, attacked through only one
hole, which could be patched by downloading a program
from Microsoft's Web site.

"It's causing enormous pain because it is at least an
order of magnitude more aggressive than Code Red," said
Alan Paller, director of research at the nonprofit Sans
Institute. "It's a pretty vigorous attacker."

In addition to direct Internet attacks, the worm can also
travel via e-mail. The e-mail message is typically blank,
and contains an attachment called "README.EXE."
Antivirus experts warn that users shouldn't open
unexpected attachments.

Efforts to isolate and track the worm were hampered by
the swiftness of the attack. Gullotto said the first report
came at about 9 a.m. EDT, from a site in Norway.

"It's taken down entire sites," Gullotto said. "I can't
even get to the Internet right now."

On Monday, the FBI's National Infrastructure Protection
Center warned that a hacker group called the
"Dispatchers" said they would attack "communications
and finance infrastructures" on or about Tuesday.

"There is the opportunity for significant collateral
damage to any computer network and telecommunications
infrastructure that does not have current countermeasures
in place," officials said in a warning on the NIPC Web site.

Last week, the FBI warned that there could be an
increase in hacking incidents after the twin attacks in New
York and Washington. They advised computer users to
update their antivirus software, get all possible security
updates for their other software, and be extra careful
online.