Don't know what the AV stuff says - our mail / internet gateway is managed by another part of group - I've passed it on to the admin for it - but he hasn't come back to me as yet....... the joys of the weekend ;-)
 
Thanks to all of you for the advice - I had a feeling it was a worm - but couldn't find anything that matched it - probably because the attachment was messed up!!
 
Cheers
 
 -----Original Message-----
From: Neumann, Dagmar [mailto:[EMAIL PROTECTED]]
Sent: 03 September 2001 02:56
To: NT System Admin Issues
Subject: RE: Is it a bird... is it a worm??

THIS MESSAGE ORIGINATED ON THE INTERNET - Please read the detailed disclaimer below.
----------------------------------------------------------------------

Definitely Sircam worm. I should know about it. We had a full on DDoS attack going on with this lovely little bugger attached. Thousands of e-mails from different sources going to a recipient we don't have but the domain name was ours. Still getting them but the firewall is saying 'no thanks' now before delivery takes place.
 
Only difference: We got the attachments with the worm, and I am talking big attachments, whereas yours seem to have gotten stuffed up somewhere along the way. What does your Antivirus software say?
 
Regards,
Dagmar Neumann
IT Operations Manager
phone:   (02) 9690 7578

mobile: 0402 223 011
e-mail:  [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 1 September 2001 4:10 AM
To: NT System Admin Issues
Subject: RE: Is it a bird... is it a worm??

Yes, this is the SirCam32 virus.   This is the message that is sent to you to get you started with your own virus nightmare.
-----Original Message-----
From: EALES, Jack / RSAIFS - IOM [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 31, 2001 11:19 AM
To: NT System Admin Issues
Subject: Is it a bird... is it a worm??

One of our users has received a number of identical messages from unrelated contacts that he (and I) is rather disturbed by... it looks like some sort of worm / buffer overflow - maybe? I'm no expert... but I'm sure there might be one or two of you out there ;-)
The attachment (which isn't attached) name changes from message to message, but the bulk of the text of the message is the same and is as follows:
 
 <snip>
------1E6A12EB_Outlook_Express_message_boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: message text
Hi! How are you=3F
 
I send you this file in order to have your advice
 
See you later=2E Thanks
------1E6A12EB_Outlook_Express_message_boundary
</snip>
 
There then follows a stream of several hundred / thousand (no time to count - trust me it's lots!!) lines with seemingly random characters.
I've hacked all this out as the list thinks I'm sending an attachment and refuses to post it. Does this mean anything / look familiar to anyone? If you want the full text let me know and I'll send it off-list
 
Jack 
Jack Eales
Senior PC / Network Project Analyst
Tel: +44 1624 821236
Mob: +44 7624 450125
Fax: +44 1624 824405
Royal & SunAlliance International Financial Services
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


----------------------------------------------------------------------
The following message has been automatically added by the mail gateway to comply with a Royal & Sun Alliance IT Security requirement:

As this email arrived via the Internet you should be cautious about its origin and content. Replies which contain sensitive information or legal/contractual obligations are particularly vulnerable. In these cases you should not reply unless you are authorised to do so, and adequate encryption is employed.

If you have any questions, please speak to your local desktop support team or IT security contact.
----------------------------------------------------------------------
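
A gateway-side check for the message body quoted in this thread, which still works when the attachment arrives mangled as it did here. This is an added example, not code from any poster: the function names, sample headers and second MIME part are constructed, and matching on the first and last body lines is an assumption about which parts of the text stay fixed.

```python
import email
import re

# First and last body lines as quoted in the thread (after decoding).
TEMPLATE_PHRASES = ("Hi! How are you?", "See you later. Thanks")
BOUNDARY = "----1E6A12EB_Outlook_Express_message_boundary"

def decoded_text_parts(raw: bytes):
    """Yield each text/plain part with its transfer encoding undone."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        # decode=True reverses quoted-printable, so "=3F" becomes "?"
        payload = part.get_payload(decode=True) or b""
        # Assumption: treat bytes as latin-1 (the sample is ISO-8859-1)
        text = payload.decode("latin-1")
        yield re.sub(r"\s+", " ", text).strip()

def matches_template(raw: bytes) -> bool:
    """True if a text part opens and closes with the quoted phrases."""
    first, last = TEMPLATE_PHRASES
    return any(t.startswith(first) and t.endswith(last)
               for t in decoded_text_parts(raw))

def build_sample(body: str) -> bytes:
    """Constructed message; only the first part's headers come from the thread."""
    return "\n".join([
        "MIME-Version: 1.0",
        f'Content-Type: multipart/mixed; boundary="{BOUNDARY}"',
        "",
        f"--{BOUNDARY}",
        "Content-Type: text/plain; charset=ISO-8859-1",
        "Content-Transfer-Encoding: quoted-printable",
        "Content-Disposition: message text",
        "",
        body,
        f"--{BOUNDARY}",
        "Content-Type: application/octet-stream",
        "",
        "(attachment data stripped in transit)",
        f"--{BOUNDARY}--",
        "",
    ]).encode("ascii")

SUSPECT = build_sample("Hi! How are you=3F\n\nI send you this file in order "
                       "to have your advice\n\nSee you later=2E Thanks")
BENIGN = build_sample("Hi! How are you=3F\n\nLunch on Friday=3F")
```

A plain substring search over the raw message would miss the text, because the wire form carries `=3F` and `=2E` rather than `?` and `.`.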