Nasty little virus!!!

Mon Jul 23 11:56:28 EDT 2001

There's a very nasty little virus going around.  I've gotten about a dozen
emails with the virus attached.  The subject line is usually different, and
the attachment may have (apparent) different names, but it just about always
has a message saying something like "I send this to you in order to have
your advice.  See you later."

Here's what I've found about the virus and how to get rid of it.  As always,
DO NOT OPEN EMAIL ATTACHMENTS from people you don't know, or that you aren't
expecting.  Because this virus infects a recipient's address book, YOU MAY
GET IT FROM SOMEONE YOU KNOW, without their knowing they sent it.  So just
because your cousin Ferd sent you an email doesn't mean you should open the
attachment.  Check with Ferd first.

Here's the info:

I include a description from Mcafee below, with cleanup info. mainly,
carefully delete the attachment.

An interesting aspect of this is that disguise of the worm as an innocent
file takes advantage of the Microsoft long file name convention allowing an
apparent extra extension. Windows also has a default "feature" of hiding
the real extension, so it isn't obvious the file is really an exe, bat, or
pif  --which execute.

If you'd like to turn this "feature" off and see what your file extensions
are, right click on "my computer", click on explore, click on view, folder
options, view. click the button to show all file types, uncheck the box
that says hide file extensions. This will make it less likely will be
fooled by not knowing that a file is an executable worm or virus.
bud

************

> (((((((((((((((((( McAfee.com Dispatch )))))))))))))))))))))
>
>
> ------------------------------------------------------------
>      **VIRUS ALERT - W32/SirCam at MM (Sir Cam Virus)**
> ------------------------------------------------------------
>
> [This message is brought to you as a subscriber to the
> McAfee.com Dispatch. To unsubscribe, please follow the
> instructions at the bottom of the page.]
>
>
> McAfee.com has seen a large and growing number of consumer
> computers infected with W32/SirCam at MM.  This is a HIGH RISK
> VIRUS FOR CONSUMERS. The infected email can come from
> addresses that you recognize. Attached is a file with two
> different extensions. The file name itself varies.
>
> The email message can appear as follows:
>
> Subject: [filename (random)]
> Body: [content varies]
>
>
> Hi! How are you?
> I send you this file in order to have your advice
> or I hope you can help me with this file that I send
> or I hope you like the file that I sendo you
> or This is the file with the information that you ask for
> See you later. Thanks
>
> --- the same message may be received in Spanish ---
>
> Hola como estas ?
> Te mando este archivo para que me des tu punto de vista
> or Espero me puedas ayudar con el archivo que te mando
> or Espero te guste este archivo que te mando
> or Este es el archivo con la informaci?n que me pediste
> Nos vemos pronto, gracias.
>
> The virus searches for .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG,
> .PDF, .PNG, .PS, and .ZIP files in the MY DOCUMENTS folder
> and attempts to send copies of these documents to email
> recipients found in the Windows Address Book and addresses
> found in cached files.
>
> For detection and removal instructions for the Sir Cam Virus,
> click here.
> -> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=2371
>