[pmmail-list] newlines in filters? -- Sircam virus/worm

Dave in Phoenix AZ pmmail-list@blueprintsoftwareworks.com
Sat, 28 Jul 2001 17:43:00 -0700 

Virus Warning you have the W32/SirCam@MM virus 

The subject line is a file on your computer chosen by the virus

This message is automatically being sent to everyone who has an infected computer E-mailing me.  You don't know you are infected but you just sent me the spam message which comes from an infected machine.  Here is more info:

VIRUS WARNING 
I am getting hundreds of E-mails from infected machines. 

The virus carrying E-mail says:
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks

There are other variants of this but this is the message I get.  This virus was detected 7/17/01 and has the highest risk warning from McAfee and is spreading world wide very fast.

I am not infected but obviously many are, from all the E-mails I get from infected machines.

DO NOT OPEN THE ATTACHMENTS -  Often it will be a blank .txt file and another file (its the other file that is dangerous it seems).  It can have any extension and name it is selected at random from the infected machines My Documents file.

The virus gets your address to send to either from the infected users address book or finds e-mail addresses in the cache files of browser.  Since I have two huge websites, each of which gets about 2000 different visitors a day, I suspect that is why I am getting bombarded by these E-mails.  Anyone with websites having their E-mail address is vulnerable to getting these messages in mass.

More info is at http://vil.mcafee.com/dispVirus.asp?virus_k=99141&  It is the W32/SirCam@MM virus

I am setting up a filter to bounce all messages with that first line back to the sender with a message that your machine is infected and giving some reference info as above.

Sadly  the owner of an infected machine has no idea about the infection and that he is spreading SPAM messages with the virus all over the Internet.  That is why it is spreading so fast.  Further the virus is designed to start deleting files on infected computers on October 6 and/or will fill up harddisk space by adding text entries over and over again in the new (sircam) recycle bin it creates.

- pmmail-list - The PMMail Dicussion List ---------------------------
To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com with the first 
line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com