Page 2
Speak My Language
What makes SirCam so dangerous is not necessarily just the worm itself. More dangerous are the innovations and new concepts it provides to future virus writers. Like the classic e-mail worm that has plagued Microsoft Outlook users forever, SirCam partly spreads through e-mail. But unlike "Love Letter," which only spoke English, SirCam checks the language setting of Windows. If a victim PC is set to Spanish, it will promptly compose the e-mail message used to spread infection in Spanish instead of English. We can be sure to find lots more of these new multilingual viruses out there in the future.
BYO... SMTPEE
Another dangerous innovation of SirCam, which the media somehow amazingly managed to ignore, is that unlike its ancestors, "Melissa" and "Love Letter," SirCam doesn't rely on the vulnerabilities of Microsoft Outlook. That's because SirCam, always the shrewd fellow, has come well equipped for his mission. SirCam has packed its very own SMTP e-mail engine. What that means in English is that it doesn't need Outlook to send e-mail. It doesn't need Eudora. It doesn't need Messenger. It doesn't even need AOL. All SirCam needs to send e-mail is a live Internet connection. Outlook "address books" will help SirCam choose its future victims, but they are not its only source.
Mischievous Chap
SirCam doesn't seem to be much concerned for your privacy either. Much the opposite. First he checks through the websites you've recently visited, gathers up all e-mail addresses listed on those websites and sends them a copy of itself. But first SirCam grabs a recently viewed file, possibly that top secret Word document you were working on, and sends that out together with itself. So not only do the webmasters of websites you've just been at know you've visited, they also have a copy of your secret document. (Of course, if they clicked on it to view it, they'd get infected too.) Finally, SirCam also spreads through shared folders. While that's not an entirely new innovation, SirCam does it well, and its code is likely to be copied. Now here's the kicker: SirCam is programmed to delete all your files on October 16th. I predict that while the media may be quiet now, we'll be hearing a lot more about SirCam come October.
Stay Safe
If you don't have any anti-virus software or if you haven't installed the latest anti-virus software update, your computer can get infected with SirCam and you would never know -- at least not until October 16th. As for Code Red, you don't have to worry about it unless you're running IIS 4.0 or 5.0. If you are running IIS, reboot (that will wipe out Code Red), and install Microsoft's security patch found at:
The copyright of the article A Tale of Two Viruses - Page 2 in Digital Security is owned by . Permission to republish A Tale of Two Viruses - Page 2 in print or online must be granted by the author in writing.
For a complete listing of article comments, questions, and other discussions related to Philip M. Orbach's Digital Security topic, please visit the Discussions page.