Sircam Worm: Crawling Fast but Easily CrushedCuriosity could kill your computer, but quick deletion will spare your files and your correspondents.
Frank Thorsberg, PCWorld.com
Sircam is a tricky e-mail worm that's trying to wriggle its way into PCs all over the world, but you can kill the cyber beast with one keystroke before it can harm your system.
The Sircam worm, first detected in mid-July, is replicating at a rapid rate, say Internet security experts. It's likely you could have a version of it sitting in your e-mail box right now.
"It's not the worst, but it's one of the top ones," says Vincent Weafer, director of the Symantec Anti-Virus Research Center. "On a 1-5 scale, it's rated a 4. It's a global epidemic and it's certainly matching some of the things we've seen like the Love Bug and Melissa. It's a very virulent virus with global impact."
The Sircam worm arrives in an infected attachment to an e-mail message. The e-mail text message comes in several slight variations, but here's a typical example: "Hi how are you. I send this file in order to have your advice. See you later. Thanks."
Use your delete button to get rid of this message (and the attachment, which you shouldn't touch), the experts say. It's a good idea to delete any other suspicious e-mail from anyone you don't know, especially if there's an attachment.
If you don't, you're likely to send the worm squirming down another network path, and find hassles on your hard drive as well. When you open an attachment infected by Sircam, it worms its way into your Outlook address book. The worm chooses a file on your own hard drive to infect and send it as an attachment to its next correspondents. Then it trashes files on your hard drive, and slows down your PC.
Antivirus vendors, of course, urge you to keep your virus definitions current. All the major vendors have updated their programs to identify and nullify the Sircam worm.
But if your PC is already infected, you can obtain a free tool to remove the virus from your system from several computer security companies. Symantec is providing a Sircam removal tool. Another tool is available from McAfee, at its Avert antivirus center. Panda Software also provides a Sircam extraction tool.
Every e-mail user has the power at their fingertips to stop Sircam and other worms that arrive in online mail--by simply hitting the "delete" key. But the originators of these worms are counting on e-mail recipients' curiosity to override their common sense.
Hooked By the Worm
Mary Huhn wishes she'd used her delete button sooner. Huhn writes the "Surfer gURL" technology column for the New York Post. She received a Sircam worm in an e-mail message a few days ago, and her PC soon began sending out infected e-mail messages to people in her address list.
"It's awful. It's bad news," Huhn says. "I've never been caught by virus before. I think that if I had one thing to say, it would be: 'If you are getting e-mail from someone you haven't heard from in a long time or someone you do not know, don't open any attachments.'"
The Sircam worm brings another threat--one of privacy invasion. PC World contributing editor Steve Bass received an infected message from Huhn. He didn't open the attachment, but he examined it closely enough to see that it contains a confidential document that included another newspaper employee's Social Security number. Another infected e-mail to Bass contained details of a confidential employment agreement.
This occurs because the Sircam worm takes an actual random file from the hard drive of its recipient and converts it to an infected executable file that will continue to spread the worm.
The e-mail messages "are from someone you may know and they are using subject lines based on the document itself," says Symantec's Weafer. "People have said they got confused over this and just clicked on it, to their own detriment."