[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FW: Virus Alert!!!

To: RadSafe <radsafe@list.vanderbilt.edu>
Subject: FW: Virus Alert!!!
From: "Jacobus, John (OD/ORS)" <jacobusj@ors.od.nih.gov>
Date: Mon, 23 Jul 2001 10:29:35 -0400
Reply-To: "Jacobus, John (OD/ORS)" <jacobusj@ors.od.nih.gov>
Sender: owner-radsafe@list.vanderbilt.edu

For your information



-- John 



John Jacobus, MS

Certified Health Physicist 

3050 Traymore Lane

Bowie, MD  20715-2024



E-mail:  jenday1@email.msn.com (H)      



-----Original Message-----

From: ORS IT Support (OD/ORS) 

Sent: Monday, July 23, 2001 10:15 AM

To: ORS Global Notify

Subject: Virus Alert!!!



There is a new virus in the wild called "W32.Sircam". This virus has been

seen at NIH. 



The virus arrives as an email attachment. The "Subject" line is: a random

file name. The attachment is: a random file name. 

The body of the text is: Hi! How are you? And it will contain one of the

following messages:

"I send you this file in order to have your advice 

or I hope you can help me with this file that I send

or I hope you like the file that I send to you

or This is the file with the information that you ask for 

See you later. Thanks "



When the attachment is executed the virus is saved to

C:\RECYCLED\SirC32.exe. The virus also copies itself to

C:\WINDOWS\SYSTEM\SCam32.exe. The virus gathers file names with the

extensions .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP

from the infected machine saving them to the file SCD.DLL (the 2nd character

of the name appears to be random) in the SYSTEM directory. The virus gathers

email addresses from Outlook and temporary Internet cached pages storing

them in SCD1.DLL (the 2nd and 3rd character of the name appears to be

random) in the SYSTEM directory. Using the file names gathered in the

SCD.DLL file the virus sends itself out to all addresses listed in the

SCD1.DLL file adding .BAT, .COM, .EXE, .LNK, .PIF to the end of the

attachment. The virus uses its own built in SMTP server to send itself out. 



If you receive this email, do not execute any file attached to it, and

delete the email. . . .

************************************************************************

You are currently subscribed to the Radsafe mailing list. To unsubscribe,

send an e-mail to Majordomo@list.vanderbilt.edu  Put the text "unsubscribe

radsafe" (no quote marks) in the body of the e-mail, with no subject line.

Prev by Date: Asst. RSO Position
Next by Date: Re: [aihaih-list] Fw: Norton AntiVirus detected and quarantined a virus in a messag e you received.
Prev by thread: Asst. RSO Position
Next by thread: Re: [aihaih-list] Fw: Norton AntiVirus detected and quarantined a virus in a messag e you received.
Index(es):
- Date
- Thread