For about the last week, my email accounts, both personal and hotmail-type, have been recieving emails with pretty much the same message…
Hi! How are you?
>
I send you this file in order to have your advice
See you later. Thanks
Attached is a file of varying types (it always downloads improperly). The mail comes from different addresses (including, recently, from someone in MY address book), and has different subjects, such as “Budget 2001” and “Invoice” and “WP1”. I haven’t opened the file as I think it is virus.
Has anyone else experienced this?
Is there any way to combat it?
This is the newest virus. It completely screws up Outlook, and is hard to find for most virus scanners. It sends random files to people in your address book. Go to http://www.sarc.com for more info.
A: Get anti virus software
B: Keep it updated
C: Avoid Microsoft outlook/express as a mail client as it’s the most frequently exploited.
D: Don’t open attachments unless you’re damn sure what they are and have followed A an B
E: Setup autodelete/anti-spam rules in your email client.
Hey I got one of those today. I opened the email, but virus-scanned the attachment before I tried to open it; when the virus-scan detected a virus I deleted the whole thing.
Am I in danger of being infected? I mean, Yes I opened the email, but No I didn’t open the attachment.
This virus is called the Sircam worm, and I’ve gotten about 30 copies of it. It actually mails itself to e-mail addresses from your web cache and I think it has its own e-mail software so that it doesn’t need Outlook. The attachments are random files from the infected machine’s hard drive (which is where the different subject headers come from), plus the virus. The attachment is an executable program, but it has a file name like document.doc.pif, which Windows will show as document.doc. You have to open it to be infected. There are instructions on symantec.com for removing it if you get infected.
BTW, if you get infected, you’ll need the tool on the Symantec site to clean it. Running an updated virus scanner may cause more problems. And don’t empty your recycle bin until the virus is cleaned – that’s where it resides, and if you delete it, you can’t run executable files until you fix the registry (Symantec’s tool takes care of that for you).
This is the most rapidly spreading virus yet. Trend Micro is detecting over 6000 infected machines every 24 hours. Message Labs had over 10,000 detects on Tuesday alone. Their up to 30,000 detects this month – an incredible number considering that the virus was first detected on the 17th.
This is also being sent round with the subject in Spanish. I got one today at my Hotmail account that read:
Hola como estas ?
Te mando este archivo para que me des tu punto de vista Nos vemos pronto,
gracias
You can learn more about this bug here. After you read the technical part, click on the ‘Profile’ tab and you can DL a small program to detect and remove the virus.
Thanks for all your answers.
I guess the question now is…
Do I have the virus, or am I getting these emails because someone (or more) of my friends have the virus?
I use a Mac, so I’m not worried about the virus. But the attachment is 200k, so obviously when I get it ten times it plays hell with my 28.8 connection speed.
Is it coming only from people who have my email address? Because the most common sending address is from someone I’ve never heard of.
mungo - You are recieving the emails because someone with your address has the virus. If you have opened any attachments, you most likely have the virus, too. Seriously consider checking out that link I sent.
Fiver - From what I understand, this virus not only takes email addresses from your address book, it also scans your cache and takes any email addresses from there too. The one I got was from a guy who visited my webpage, which has my email at the bottom of each page. I have never corresponded with him.
bunnymom is right. The virus is taking addresses from both the Outlook address book (and maybe other programs’ address books) and the web cache, so anyone whose address is on a web page somewhere is at risk. Everyone needs to be really careful about opening e-mail attachments because of the way Windows hides certain file extensions by default.
Does anyone know if Microsoft has plans to change Outlook and Windows to where they aren’t such efficient virus-spreading tools?
This particular virus doesn’t require Outlook to spread. It can be coded as various file types and doesn’t require VBS. In addition, it has its own SMTP server, so you can spread it even if you have no e-mail software.
Currently, Outlook does give you a warning if software tries to access your address book. However, that’s typical to Microsoft’s approach, which is schizophrenic, to say the least. They design software for the vast majority of users, but their security measures require a computer expert to understand what’s safe and what’s not.