W32/SirCam@MM – Mass Mailing Internet Worm Hides in Recycle Bin; Can Cause Potential Mail Storms
BEAVERTON, Ore., July 23 /PRNewswire/ — Due to an increase in infected users, McAfee AVERT (Anti-Virus Emergency Response Team), a division of Network Associates, Inc. (Nasdaq: NETA), today raised its risk assessment of the recently discovered SirCam worm to HIGH risk. W32/SirCam@MM is a destructive mass-mailing (@mm) worm that sends copies of itself to all the e-mail addresses in the infected users’ address books. In addition, SirCam sends files with extensions .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP from the MY DOCUMENTS folder out of the existing environment. Since the virus was discovered on July 17, 2001, AVERT has received more than 300 samples of it directly, and has also received reports from hundreds more customers who were infected or who stopped the virus.
SirCam is an Internet worm that, once activated, saves files with the extensions .GIF, .JPG, .JPEG, .MPEG, .MOV, .MPG, .PDF, .PNG, .PS, and .ZIP to the file SCD.DLL in the SYSTEM directory. The worm sends itself and the above-mentioned files to all recipients in the Windows Address Book. The worm itself is a compiled executable with varying file names.
Subject: [filename (random)]
Body of email: Hi! How are you?
I send you this file in order to have your advice
or I hope you can help me with this file that I send
or I hope you like the file that I sendo you
or This is the file with the information that you ask for
See you later. Thanks
— the same message may be received in Spanish —
Hola como estas ?
Te mando este archivo para que me des tu punto de vista
or Espero me puedas ayudar con el archivo que te mando
or Espero te guste este archivo que te mando
or Este es el archivo con la informacion que me pediste
Nos vemos pronto, gracias.
Attachment: Attached will be a document with a double extension (the filename varies).
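The message characteristics listed above can be checked mechanically at a mail gateway or during triage of a mailbox export. The following Python sketch is an added example, not McAfee code: it reports which of the advisory's indicators (greeting and closing lines, double-extension attachment, subject matching the attachment name) a message shows. The function names, the list of executable extensions and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage

# Greeting/closing pairs quoted in the advisory (English and Spanish variants).
FRAMES = [("Hi! How are you?", "See you later. Thanks"),
          ("Hola como estas ?", "Nos vemos pronto, gracias.")]
# ASSUMPTION: extensions treated as executable; the advisory does not list them.
EXEC_EXTS = {".exe", ".com", ".bat", ".pif", ".lnk", ".scr"}

def norm(s):
    """Collapse whitespace and case so line wrapping does not defeat matching."""
    return " ".join(s.split()).lower()

def sircam_indicators(raw):
    """Return the set of advisory indicators present in one raw message."""
    msg = message_from_string(raw)
    hits, body, names = set(), "", []
    for part in msg.walk():
        if part.get_filename():
            names.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("latin-1")
    text = norm(body)
    if any(norm(a) in text and norm(b) in text for a, b in FRAMES):
        hits.add("body_template")
    for name in names:
        stem, last = os.path.splitext(name)         # "x.xls.pif" -> "x.xls", ".pif"
        inner_stem, inner = os.path.splitext(stem)  # "x.xls"     -> "x", ".xls"
        if last.lower() in EXEC_EXTS and inner:
            hits.add("double_extension")
            if norm(msg.get("Subject", "")) in (norm(stem), norm(inner_stem)):
                hits.add("subject_matches_attachment")
    return hits

def build_sample():
    """Constructed sample message shaped like the advisory's description."""
    m = EmailMessage()
    m["Subject"] = "Budget 2001"
    m.set_content("Hi! How are you?\nI send you this file in order to have "
                  "your advice\nSee you later. Thanks\n")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="Budget 2001.xls.pif")
    return m.as_string()

if __name__ == "__main__":
    print(sorted(sircam_indicators(build_sample())))
```

A message showing all three indicators is a strong candidate for quarantine; the body template alone is weaker evidence, since the greeting and closing are ordinary phrases.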
Immediate information and cure for this virus can be found online at the McAfee AVERT site at http://vil.nai.com/vil/dispVirus.asp?virus_k=99141 . McAfee VirusScan users should update their systems from that page and use the 4.0.70 or later scanning engine to stop potential damage.
McAfee AVERT is one of the top-ranked anti-virus research organizations in the world, employing more than 90 researchers in offices on five continents. McAfee AVERT protects customers through McAfee AutoUpdate technology, which allows McAfee anti-virus software to check for updated information on new viruses, and download cures automatically as soon as they are available. Cures are developed by the combined efforts of McAfee AVERT researchers and McAfee AutoImmune technology, which applies advanced heuristics and sophisticated programming to automatically generate cures for previously undiscovered viruses.
McAfee is a division of Network Associates, Inc. that protects e-businesses from security breaches and virus attacks. McAfee has aggressively focused on the burgeoning mobile and wireless marketplace, developing the VirusScan Wireless family of products. McAfee is also actively addressing the service provider market through McAfee ASaP, which offers Internet security and virus protection. All McAfee products are backed by the world’s leading anti-virus research organization, McAfee AVERT (Anti-Virus Emergency Response Team), the team which first identified Melissa, Bubbleboy and Phage, the first wireless virus. For more information, McAfee can be reached at 800-338-8754 and on the Internet at http://www.mcafeeb2b.com or http://www.mcafeeasap.com .
With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading supplier of security and availability solutions for e-businesses. Network Associates is comprised of four product groups: McAfee, delivering world class anti-virus products; PGP Security, providing firewall, intrusion detection and encryption products; Sniffer Technologies, a leader in network and application management; and Magic Solutions, providing web-based service desk solutions. For more information, Network Associates can be reached at +1-972-308-9960 or on the Internet at http://www.nai.com .
NOTE: Network Associates, McAfee, PGP, Sniffer, VirusScan, WebShield, NetShield, GroupShield, PrimeSupport, Enterprise SecureCast and Magic Solutions are registered trademarks of Network Associates, Inc. and/or its affiliates in the United States and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.