The Sircam worm
(aka W32.Sircam.Worm@mm) was a rather big email worm
in July 2001. It will arrive in your inbox
with the name of a file as the subject and the same file as an attachment
. The message body will be something like:
" I send you this file in order to have your advice. See you later. Thanks."
The message may also appear in Spanish
"Te mando este archivo para que me des tu punto de vista."
The file is a random file from the previous victim's My Documents
folder merged with the virus and given an extra extension
. For example, when it got sent to me, I was sent the file patcher.zip
which became patcher.zip.pif
. The added extensions .BAT
, and .COM
have also been seen.
Should you become infected with this worm
, it will:
- Send itself to e-mail addresses that it finds either in HTML files that Internet Explorer has cached, or in Outlook Express/Outlook address books.
- There is a 1 in 33 chance it will try to fill your hard disk by creating a large text file in C:\recycled\sircam.sys filled with a repetition of
SirCam Version 1.0 Copyright 2000 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico.
- There is a 1 in 20 chance it will attempt to delete all files on the C: drive on October 16th.
- The virus will be merged with a random file from your My Documents folder whenever it is sent to anyone.
To avoid being infected with this virus, simply do not try and open the attachment
, no matter how much you think that your advice is needed.
If the file that was sent from the previous victim
's My Documents
looks interesting, you could possibly open it by saving the file without the second extension
and opening it from the appropriate program. I would be sure to use File... Open from the program instead of double clicking on the file especially since Windows will not show some of those extensions even if you have set your View options to show file extensions.
If you have been infected with this virus, a removal tool is available at: http://www.sarc.com/avcenter/FixSirc.com
Info from http://firstname.lastname@example.org and my own personal experience being sent (but not infected by - I at least know not to open random attachments) this virus.
I just wish I would have been sent a cool file from the previous victim's My Documents instead of a patch for a game I don't own.Thanks to ailie for some fixes.
Stavr0: Perhaps you have to hexedit it to get a .doc file out of it, but at least for a .zip file you only have to open it from Winzip (although perhaps it would have yielded corrupted files if I actually tried to extract everything - I only read the readme.txt (uncorrupted) from the .zip archive).... YMMV..