Discovered: July 17, 2001
Updated: February 13, 2007 11:36:55 AM
Also Known As: W32/SirCam@mm [McAfee], Backdoor.SirCam, I-Worm.Sircam.a [AVP], WORM_SIRCAM.A [Trend], W32/Sircam-A [Sophos], W32/Sircam [Panda], Win32.Sircam.137216 [CA], W32/Sircam.worm@mm [F-Secure], Win32.HLLW.SirCam [DrWeb]
Type: Worm
Systems Affected: Windows 95, Windows 98, Windows Me
W32.Sircam.Worm@mm contains its own SMTP engine, and propagates in a manner similar to the W32.Magistr.Worm.
Due to what appears to be a bug, W32.Sircam.Worm@mm does not replicate under Windows NT, 2000, or XP.
Symantec Security Response has created a tool to remove this worm.
CAUTION: In some cases, if you have had NAV quarantine or delete infected files, you will not be able to run .exe files, however you will still be able to run the removal tool.
Configure Windows for maximum protection
Because this virus spreads by using shared folders on networked computers, to ensure that the virus does not reinfect the computer after it has been removed, Symantec suggests sharing with read-only access or using password protection. For instructions on how to do this, see your Windows documentation or the document
How to configure shared Windows folders for maximum network protection.
Antivirus Protection Dates
-
Initial Rapid Release version July 17, 2001
-
Latest Rapid Release version February 24, 2010 revision 053
-
Initial Daily Certified version July 17, 2001
-
Latest Daily Certified version February 24, 2010 revision 054
-
Initial Weekly Certified release date July 17, 2001
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Threat Assessment
Wild
-
Wild Level: Low
-
Number of Infections: More than 1000
-
Number of Sites: More than 10
-
Geographical Distribution: Medium
-
Threat Containment: Moderate
-
Removal: Moderate
Damage
Distribution
Writeup By: Peter Ferrie
Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
