September 2001

Introducing Virus Alert: Your Monthly Guide to Internet-Inflicted Infections
 

Beginning this month, Computing News will include a Virus Update in each issue to help Lab employees be aware of the latest viruses, how to recognize them and how to protect against them. Virus Update will be produced by the Lab's Computer Protection Program, which offers additional anti-virus information on its Web site.

Here's a survey of the latest viruses making the rounds:


NIMDA

Identification:

  • Subject: May be blank or contain the words "sample" and "desktop" repeated several times.
  • Message: There is usually no message.
  • Attachment: README.EXE

Transport mechanism:

  • email
  • infected Web sites visited via old versions of Microsoft Internet Explorer Web browsers
  • network folders that are writable by the infected machine
  • several known Windows networking vulnerabilities

Synopsis:
Spreads very fast. Does little damage. Only affects Microsoft Windows-based computers.

Removal:
Must run a removal tool to get rid of it. Tool available on the Web.

More information is also available from Microsoft.


WTC

Identification:

  • Subject: "Fwd:Peace BeTweeN AmeriCa and IsLaM!".
  • Message: "Hi! iS iT A waR Against AmeriCa Or IsLam! Let's Vote To Live in Peace!"
  • Attachment: WTC.exe

Transport mechanism:

  • email - sends to everyone in Microsoft Outlook address book

Synopsis:
Spreading slowly. Does major damage! Only affects Microsoft Windows-based computers.

Removal:
A current version of Norton Antivirus with 9/24/01 or later signature file will remove it.

More information.


SIRCAM

Identification:

  • Subject: (name of attached file)
  • Message: One of the two messages below:
    Hi! How are you?
    I send you this file in order to have your advice
    See you later. Thanks
    or
    Hola como estas ? Te mando este archivo para que
    me des tu punto de vista
    Nos vemos pronto, gracias.
  • Attachment: SIRCAM takes a random file from the victim's computer, infects it, and attaches one of the following extensions to it: .LNK, .EXE, .COM, .BAT or .PIF. The name of the file can be anything, but the file will always have two extensions in the form "NAME.EX1.EX2", where EX1 is the original extension and EX2 is the extension added by SIRCAM.

Transport mechanism:

  • email - sends to everyone in Outlook address book and e-mail addresses found in cached webpages.
  • network folders that are writable by the infected machine

Synopsis:
Spreads quickly. May fill all free space on the C: drive. May delete files on October 16th. Only affects Microsoft Windows-based computers.

Removal:
Must run a removal tool to get rid of it. The tool can be downloaded from the Web.

More information.
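
An added example (not part of the original newsletter): a Python check a mail administrator could run over message attachments, flagging the file names listed above for NIMDA and WTC and the SIRCAM "NAME.EX1.EX2" form. The function names, addresses and sample messages are constructed for illustration, and the double-extension test is a name heuristic that can also match legitimate files.

```python
import email
import email.policy
from email.message import EmailMessage

# Attachment names this page lists for NIMDA and WTC (compared case-insensitively).
KNOWN_NAMES = {"readme.exe": "NIMDA", "wtc.exe": "WTC"}
# Extensions this page says SIRCAM adds as the second extension (EX2).
SIRCAM_EXTS = {"lnk", "exe", "com", "bat", "pif"}


def classify_attachment(filename):
    """Return the virus name an attachment file name matches, or None."""
    name = filename.strip().lower()
    if name in KNOWN_NAMES:
        return KNOWN_NAMES[name]
    parts = name.split(".")
    # NAME.EX1.EX2: non-empty name, an original extension, then an added one.
    if len(parts) >= 3 and all(parts) and parts[-1] in SIRCAM_EXTS:
        return "SIRCAM"
    return None


def scan_message(raw):
    """Parse a raw e-mail and return [(filename, verdict)] for flagged parts."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    hits = []
    for part in msg.walk():
        fname = part.get_filename()
        verdict = classify_attachment(fname) if fname else None
        if verdict:
            hits.append((fname, verdict))
    return hits


def build_sample(subject, filename):
    """Build a constructed test message carrying harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.com"   # constructed address
    msg["To"] = "user@example.com"       # constructed address
    msg.set_content("Hi! How are you?")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    for subj, fname in [("budget", "budget.xls.pif"), ("", "README.EXE"),
                        ("notes", "notes.txt")]:
        print(fname, "->", scan_message(build_sample(subj, fname)))
```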

