SirCam slowing, but threat lingers
Published: 27 Jul 2001 09:30 BST
"The worst is over, but we won't see a huge drop-off yet," said David White, technical manager for British email service provider MessageLabs. "It is still by far the most prolific virus that is currently spreading."
Although the weekend saw a small drop in the rate of infection, the number of copies of SirCam caught daily by MessageLabs continued to grow early this week, topping 10,000 messages on both Tuesday and Wednesday. On Thursday, that growth stopped. Though MessageLabs had not posted final numbers for the day, it had intercepted only about 4,000 worm-laden emails by midday.
Part of the reason for the drop is that companies have got their houses in order, said Vincent Gullotto, director of antivirus research for PC software company Network Associates. "It didn't get to outbreak status, because corporations were able to block it before it got in," he said.
The worm is a mass mailer, working in a manner similar to the Love Letter and Magistr infections. SirCam spreads by sending email messages with infected attachments. While the message's subject line varies, the body generally contains the same text: "Hi! How are you? I send you this file in order to have your advice. See you later. Thanks." A small number of messages have similar text in Spanish.
Opening the attached file on a PC running Windows will infect the victim's computer. The worm appends itself to a file randomly selected from the infected computer's "My Documents" folder and attaches that to an email. Messages are sent to everyone in the person's Windows address book and to any email addresses in the Web browser's cache file, where images of recently viewed pages are stored.
The virus has been responsible for leaking corporate documents, password files and, in one case, official FBI documents.
For home users, the virus is still a danger, said MessageLabs' White. "There are an awful lot of home users that have no antivirus protection today, and that can be catastrophic," he said.
Email users writing to CNET News.com agreed, saying the virus was clogging Internet access and sharing confidential information. "I think this virus is being extremely underestimated," wrote one email user, who had received five infected messages.
Network Associates plans to reduce its rating of the virus from "high" risk to "medium" sometime next week.
Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.Have your say instantly, and see what others have said.
Click on the TalkBack button and go to the Security forum.
Let the editors know what you think in the Mailroom. And read other letters.
Did you find this article useful?
41 out of 99 people found this useful
- Share this article:
