Definitely Sircam worm. I should know about it. We had
a full on DDoS attack going on with this lovely little bugger attached.
Thousands of e-mails from different sources going to a recipient we don't have
but the domain name was ours. Still getting them but the firewall is saying 'no
thanks' now before delivery takes place.
Only
difference: We got the attachments with the worm, and I am talking big
attachments, whereas your's seem to have gotten stuffed up somewhere along the
way. What does your Antivirus software say?
Regards,
Dagmar Neumann
IT Operations Manager
phone: (02) 9690 7578
mobile: 0402 223 011
e-mail: [EMAIL PROTECTED]
Dagmar Neumann
IT Operations Manager
phone: (02) 9690 7578
mobile: 0402 223 011
e-mail: [EMAIL PROTECTED]
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 1 September 2001 4:10 AM
To: NT System Admin Issues
Subject: RE: Is it a bird... is it a worm??Yes, this is the SirCam32 virus. This is the message that is sent to you to get you started with your own virus nightmare.http://www.sunbelt-software.com/ntsysadmin_list_charter.htm-----Original Message-----
From: EALES, Jack / RSAIFS - IOM [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 31, 2001 11:19 AM
To: NT System Admin Issues
Subject: Is it a bird... is it a worm??One of our users has received a number of identical messages from unrelated contacts that he (and I) is rather disturbed by... it looks like some sort of worm / buffer overflow - maybe? I'm no expert... but I sure there might be one or two of you out there ;-)The attachment (which isn't attached) name changes from message to message, but the bulk of the text of the message is the same and is as follows:<snip>------1E6A12EB_Outlook_Express_message_boundaryContent-Type: text/plain; charset=ISO-8859-1Content-Transfer-Encoding: quoted-printableContent-Disposition: message textHi! How are you=3FI send you this file in order to have your adviceSee you later=2E Thanks------1E6A12EB_Outlook_Express_message_boundary</snip>There then follows a stream of several hundred / thousand (no time to count - trust me it's lots!!) lines with seemingly random characters .I've hacked all this out as the list thinks I'm sending an attachment and refuses to post it. Does this mean anything / look familiar to anyone? If you want the full text let me know and I'll send it off-listJackJack EalesSenior PC / Network Project AnalystTel: +44 1624 821236Mob: +44 7624 450125Fax: +44 1624 824405Royal & SunAlliance International Financial Serviceshttp://www.sunbelt-software.com/ntsysadmin_list_charter.htm
