Sircam virus - warning!

From: Karsten Johansen (kvjohans@online.no)
Date: 25-07-01


I see that this was the virus I received. The BBC writes:

"The text of the Sircam message varies, making it more difficult for people
to spot an infected file. However, the virus always begins "Hi! How are
you?", and always ends "See you later. Thanks".

Karsten Johansen

http://news.bbc.co.uk/hi/english/sci/tech/newsid_1454000/1454155.stm

Tuesday, 24 July, 2001, 11:34 GMT 12:34 UK

Sircam virus steals files

If you get a message bearing this text, delete it.

By BBC News Online technology correspondent Mark Ward

A computer virus called Sircam is using some clever tricks to spread itself
and potentially sensitive files around the net.

The virus strikes PCs running Windows, plunders address books for new places
to send itself and steals random documents from a machine's hard disk.

It also attempts to disguise itself by changing the main text of the message
and choosing a new subject line every time it travels.

The virus, more properly known as a worm, was first detected in mid-July but
has slowly been gathering momentum.

Sircam strikes

Anti-virus companies are reporting that the virus christened Sircam has been
turning up in ever increasing numbers since it was first discovered on 16
July. Messagelabs said it had caught almost 11,500 copies of Sircam from 110
countries. Over 4,000 copies have been stopped in the last 24 hours.

"Although we have seen significant numbers of this virus in the US, we
believe that Europe is still waiting to feel the brunt of the Sircam virus,"
said Mark Sunner, a MessageLabs spokesman.

Unlike the Love Bug, Naked Wife and Kournikova viruses which spread by
exploiting human gullibility and the weaknesses of Microsoft's popular
Outlook e-mail program, Sircam contains its own mail program so it can
travel with no external help.

But like other viruses, a machine only becomes infected when the message
containing the file is opened and the attachment launched.

File mangler

In contrast to other viruses, Sircam can plunder the address books of almost
any Windows e-mail program, as well as any e-mail addresses it finds in the
cache file of a web browser on an infected machine.

Sircam also steals a random file from the hard disk of an infected machine
and attaches this to messages it sends. As a result attachments can vary
enormously in size and contribute to the clogging of mail servers. So far,
the largest file seen mailed with the virus was 107 megabytes in size.

In an added twist, the subject line of the infected mail message is changed
to the name of the plundered file.

Viruses such as the Love Bug were easy to warn people about because they
always travelled with the same subject line. Every message Sircam sends uses
a different subject line. The name picked is the same as the file attached
to it.

Already there have been reports of memos, CVs, job listings, diary entries,
expense forms and complaint letters being attached to infected messages.

Graham Cluley, a spokesman for anti-virus company Sophos, said Sircam was
easily the biggest virus seen this month. "This may be because it has been a
few weeks since anything really big has happened on the virus front so
people have got complacent," said Mr Cluley.

The text of the Sircam message varies, making it more difficult for people
to spot an infected file. However, the virus always begins "Hi! How are
you?", and always ends "See you later. Thanks".

The virus is thought to have originated in South America and this perhaps
explains why there are both Spanish and English versions of the virus. It
also contains a timer that may lead to lots of files on infected computers
being deleted on 16 October.

The virus is more properly known as a worm because it can spread itself with
no help from other programs.
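
A mail-filter heuristic built on the three traits the article describes (fixed opening line, fixed closing line, subject equal to the attachment's name) is sketched below. It is an added example, not part of the original post or the BBC article; the function names and both sample messages are constructed for illustration.

```python
from email import message_from_string

# Phrases quoted in the article; the Spanish wording is not on the page, so it is not checked.
OPENING = "Hi! How are you?"
CLOSING = "See you later. Thanks"

def body_text(msg):
    """Return the first text/plain part that is not itself an attachment."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "latin-1", "replace")
    return ""

def sircam_traits(raw_message):
    """Return which of the article's three traits a raw message shows."""
    msg = message_from_string(raw_message)
    lines = [l.strip() for l in body_text(msg).splitlines() if l.strip()]
    traits = set()
    if lines and lines[0].startswith(OPENING):
        traits.add("opening")
    if lines and lines[-1].rstrip(".! ").endswith(CLOSING):
        traits.add("closing")
    subject = (msg.get("Subject") or "").strip().lower()
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        # Subject equals the attachment's name, with or without its extension.
        if subject and name and (name == subject or name.startswith(subject + ".")):
            traits.add("subject_is_attachment_name")
    return traits

def should_quarantine(raw_message):
    """Require both fixed phrases; the subject match is supporting evidence."""
    return {"opening", "closing"} <= sircam_traits(raw_message)

# Constructed sample messages (not real captures).
SUSPECT = (
    'Subject: Budget2001\nContent-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\nContent-Type: text/plain\n\n"
    "Hi! How are you?\n(varying middle text)\nSee you later. Thanks\n"
    "--XX\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="Budget2001.doc"\n\nplaceholder\n--XX--\n'
)
BENIGN = "Subject: Lunch\n\nHi! How are you?\nLunch on Friday?\nCheers\n"
```

Requiring both phrases keeps an ordinary greeting such as the `BENIGN` sample from being flagged on the opening line alone.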


