Dangerous New Virus -- Keep AntiVirus Program Up to Date! (fwd)

Just a quick message from our UCI computer geeks about this new virus.
I've gotten about a half dozen of these messages in the last two or three
days (some may originate from WSN, but I can't say for sure).  Luckily,
I've deleted them all without opening the attachments...

dave smith
sociology, uci

---------- Forwarded message ----------
Date: Thu, 26 Jul 2001 08:51:36 -0700 (PDT)
From: Julian Frost <jfrost@eclectic.ss.uci.edu>
To: Multiple recipients of list sociol-p <sociol-p@ssibs.ss.uci.edu>
Subject: Dangerous New Virus -- Keep AntiVirus Program Up to Date!

If you are running Windows and have McAfee Anti-Virus installed on your
computer and your software is NOT set to automatically update itself (see
the email I sent earlier this week), download and run the latest SuperDAT
(for Windows - Intel)  from the McAfee web site:

        http://www.nai.com/naicommon/download/dats/superdat.asp


Why???

A new virus has been spreading rapidly throughout the campus. It's called
"W32/Sircam" which is spread mostly through email but can also be spread
through unprotected network shares. Once the malicious code has been
executed on a system, it may reveal or delete sensitive information.

W32/Sircam can infect a machine in one of two ways:
     * When executed by opening an email attachment containing the
       malicious code
     * By copying itself into unprotected network shares

The virus can appear in an email message written in either English or
Spanish with a seemingly random subject line. All known versions of
W32/Sircam use the following format in the body of the message:

   English
       Hi! How are you?
       [middle line]
       See you later. Thanks

   Spanish
       Hola como estas ?
       [middle line]
       Nos vemos pronto, gracias.

   Where [middle line] is one of the following:

   English
       I send you this file in order to have your advice
       I hope you like the file that I sendo you
       I hope you can help me with this file that I send
       This is the file with the information you ask for

   Spanish
       Te mando este archivo para que me des tu punto de vista
       Espero te guste este archivo que te mando
       Espero me puedas ayudar con el archivo que te mando
       Este es el archivo con la informacion que me pediste

Users who receive copies of the malicious code through electronic mail
might recognize the sender. We encourage users to avoid opening
attachments received through electronic mail, regardless of the sender's
name, without prior knowledge of the origin of the file or if the
attachment is unexpected.


The email message will contain an attachment whose name matches the
subject line and has a double file extension (e.g. subject.ZIP.BAT or
subject.DOC.EXE). There are reports that the first extension may be .DOC,
.XLS, or .ZIP. Anti-virus vendors have referred to additional extensions,
including .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, and .PS. The
second extension will be .EXE, .COM, .BAT, .PIF, or .LNK. The attached
file contains both the malicious code and the contents of a file copied
from an infected system.

Once infected, the W32/Sircam virus will send a copy of itself to
everybody in your email addressbook (if using Eudora, Outlook, Outlook
Express or other Windows-based email programs -- Those using only Pine on
the NACS computers like Orion, E4E, or EA, and those using a Mac, will not
be affected unless the attachment is copied to a Windows-based computer
and run).

The virus can fill the entire hard drive with data preventing the user
from saving anything on the C: drive. Seemingly simple tasks such as
printing a document will be impossible. On October 16th the virus may
attempt to delete all files on the C: drive.

If you are running Windows and have McAfee Anti-Virus installed on your
computer and your software is NOT set to automatically update itself (see
the email I sent earlier this week), download and run the latest SuperDAT
(for Windows - Intel)  from the McAfee web site:

        http://www.nai.com/naicommon/download/dats/superdat.asp

Julian Frost
--
Social Sciences Computing Services
x45476