Industrial Espionage Worm Strikes – Sophos Says Beware Of Sircam
Sophos Anti-Virus, a world leader in corporate anti-virus protection, today warned of a new worm which could prove highly damaging to unprotected businesses. The Sircam worm (also known as W32/Sircam-A), steals commercially sensitive or personal documents from the infected PC. It then forwards these files to all of the infected users’ email contacts.
Sophos has already received over two hundred reports of the worm from corporates and predicts it may be the one of the year’s hardest-hitting viruses.
“This worm is capable of ‘scooping up’ documents and spreadsheets from your hard drive and forwarding them to everyone in your address book,” said Graham Cluley, senior technology consultant for Sophos. “Your credibility could be seriously compromised if personal or highly sensitive documents end up in a competitor’s inbox. Users should keep their anti-virus protection up to date and be wary of all unsolicited attachments if they want their integrity to remain intact.”
On 16 October there is a 5 per cent chance the worm will wipe all files from the computer’s hard disk.
Sircam can be difficult to spot as the subject line of the infected email changes each time the worm replicates – adopting the name of the attached stolen file. The worm is also capable of identifying the operating system default language, and can reproduce in Spanish or English.
The Sircam worm is also unlike many other email-aware viruses, using its own SMTP routine and so does not rely on Microsoft Outlook to spread itself via email. As well as using names from the Windows address book it can also send infected emails to addresses found in temporary internet files from recently visited websites.
Read more about the W32/Sircam-A worm at: http://www.sophos.com/virusinfo/analyses/w32sircama.html.
Sophos issued an IDE update to protect against W32/Sircam-A on 18 July 2001. Sophos recommends users subscribe to its free notification service regarding new viruses found in the wild.
Graham Cluley is available for comment on +44 (0) 1235 544114