[meteorite-list] FROM ADMIN - new virus alert - PLEASE READ
From: ajones_at_siliconspace.com <ajones_at_meteoritecentral.com>
Date: Thu Apr 22 09:43:33 2004 Message-ID: <OFB9D166FD.FB154B30-ON88256A8F.005EA6F2_at_siliconspace.com> --0__=88256A8F005EA6F28f9e8a93df938690918c88256A8F005EA6F2 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: quoted-printable Hello Everyone; Read Below -- Watch out for this new one. Also, please do not post any additional messages to the List regarding this virus. Thank you p.s. Thanks to Bob V. for pointing this out to me =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>>>>>>>>>>>>>>>>>>= >>>>> = =20 W32/SirCam_at_MM Help Center = =20 = =20 = =20 = =20 DESCRIPTION - What virus is this? = =20 = =20 = =20 = =20 This is a HIGH RISK virus for consumers that is spread to email recipi= ents=20 found in the Windows Address Book and addresses found in cached files.= The=20 infected email can come from addresses that you recognize. Attached is= a =20 file with two different extensions. The file name itself varies. = =20 = =20 = =20 The email message can appear as follows: = =20 Subject: [filename (random)] = =20 = =20 = =20 = =20 Body: = =20 Hi! How are you? = =20 = =20 I send you this file in order to have your advice = =20 or I hope you can help me with this file that I send = =20 or I hope you like the file that I sendo you = =20 or This is the file with the information that you ask for = =20 See you later. Thanks = =20 = =20 = =20 --- the same message may be received in Spanish --- = =20 = =20 = =20 Hola como estas ? = =20 Te mando este archivo para que me des tu punto de vista = =20 or Espero me puedas ayudar con el archivo que te mando = =20 or Espero te guste este archivo que te mando = =20 or Este es el archivo con la informaci=F3n que me pediste = =20 Nos vemos pronto, gracias. = =20 = =20 = =20 = =20 = =20 (Embedded image moved to file: pic29358.gif) = =20 = =20 = =20 = =20 PAYLOAD - What can this virus do? = =20 = =20 = =20 = =20 When run, the document will be saved to the C:\RECYCLED folder and the= n =20 opened while the virus copies itself to C:\RECYCLED\SirC32.exe folder = to =20 conceal its presence and creates a registry key value to load itself = =20 whenever .EXE files are executed. = =20 = =20 = =20 The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PN= G, =20 .PS, and .ZIP files in the MY DOCUMENTS folder and attempts to send co= pies=20 of these documents to email recipients found in the Windows Address Bo= ok =20 and addresses found in cached files. = =20 = =20 Arthur Jones Meteorite Central= --0__=88256A8F005EA6F28f9e8a93df938690918c88256A8F005EA6F2 Content-type: image/gif; name="pic29358.gif" Content-Disposition: attachment; filename="pic29358.gif" Content-transfer-encoding: base64 R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw== --0__=88256A8F005EA6F28f9e8a93df938690918c88256A8F005EA6F2-- Received on Fri 20 Jul 2001 01:16:43 PM PDT |
 StumbleUpon del.icio.us reddit Yahoo MyWeb
|