
Preventing SirCam From Worming Through Your Server

August 6, 2001

M.A. Dockter

This time of year is perfect for fishing, especially for me. And it’s not just because the ice is melted and I’m an open water fisherman from Wisconsin, but also because I administer servers.

Every day for the past week or so, I have received 25 to 30 e-mails in my inbox that all begin the same: “Hi! How are you?” Most likely you too have received these e-mails, and if you haven’t you’ve probably seen them documented somewhere.

For those who have not yet seen W32Sircam, here is a description of the latest widespread e-mail virus (disseminated in Spanish as well as English). The subject line of the infected e-mail is random, based on the name of the file that is attached. The body will resemble this:

First line: Hi! How are you?
Second line (one of the following, chosen at random):
    I send you this file in order to have your advice
    I hope you can help me with this file that I send
    I hope you like the file that I send you
    This is the file with the information that you ask for
Last line: See you later. Thanks

These e-mails, and others like them, are the product of an e-mail-based worm — AKA a server administrator’s worst nightmare. Usually worms are bait for fishing, and on languid sunny days I think of worms in such a way. However, my job requires me to seek and destroy the most friendly of fishing annelids that pass through my server to clog up bandwidth and cause potential security breaches.


What makes SirCam particularly potent is that it is a worm with its own SMTP engine, and it loves to spread like wildfire. SirCam sends a random document from the user’s PC with a file extension added to it: .bat, .com, .lnk or .pif. Once a PC is infected, it will search for networked computers and spread itself through Windows file sharing. Typical virus scanners are not equipped to stop it from spreading.

The worm will not run indefinitely; after running 8,000 times, it will stop functioning on the host computer.

Thus, SirCam is becoming as big as “I Love You” or “Melissa” in terms of infection. Symantec has upgraded this worm’s threat level to 4 on a 5-point scale.

Adding to the potential damage is that users whose PCs are infected with the worm have a supposed 1 in 20 chance of having their hard drives wiped on October 16, 2001, if they use a Day/Month/Year format for dating files.

Preventing the Damage

Obviously, prevention is the best medicine when dealing with worms and other virus types.

Most importantly, DO NOT open any attachments that come with an e-mail that says “Hi! How are you?” and make it clear that users SHOULD NOT open any such messages.

In addition, as with all mass virus scares, it is important to update your virus scanners with the most recent virus definition files. Generally, these definitions are available on the Web site of the vendor that developed the virus scanner. Almost all major vendors already have a virus definition file that will detect and eliminate any instances of SirCam. However, these will not fix an already infected system.

GFI offers a virus scanning solution aimed toward future similar infections: an e-mail content checking gateway at the mail server level. GFI claims its solution is capable of warding off SirCam and other similar viruses.
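As an added example (not GFI's product and not code from the original article), the following Python applies the indicators this article describes to a raw message at the mail server: the fixed first and last body lines, the four middle lines, and an attachment whose name has .bat, .com, .lnk or .pif appended to an existing extension. The function names and the "appended to an existing extension" rule are assumptions of this example, and the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
# Indicator strings exactly as quoted in the article.
FIRST_LINE = "Hi! How are you?"
LAST_LINE = "See you later. Thanks"
MIDDLE_LINES = (
    "I send you this file in order to have your advice",
    "I hope you can help me with this file that I send",
    "I hope you like the file that I send you",
    "This is the file with the information that you ask for",
)
APPENDED_EXTS = (".bat", ".com", ".lnk", ".pif")

def double_extension(filename):
    """Assumed rule: a listed extension appended to a name that already has one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] != "" and "." + parts[2] in APPENDED_EXTS

def score_message(raw_bytes):
    """Return the indicators matched by one raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    hits = []
    if lines and lines[0] == FIRST_LINE:
        hits.append("first-line")
    if any(ln in MIDDLE_LINES for ln in lines):
        hits.append("middle-line")
    if lines and lines[-1] == LAST_LINE:
        hits.append("last-line")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if double_extension(name):
            hits.append("double-ext:" + name)
    return hits

def should_quarantine(raw_bytes):
    """Hold mail with a double-extension attachment plus any body indicator."""
    hits = score_message(raw_bytes)
    has_ext = any(h.startswith("double-ext:") for h in hits)
    return has_ext and any(not h.startswith("double-ext:") for h in hits)

def build_sample(body, filename):
    """Build a constructed test message (not a captured SirCam e-mail)."""
    msg = EmailMessage()
    msg.set_content(body)
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

The article notes the worm also circulates in Spanish, so the body strings above cover only the English text quoted here.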

Removing SirCam

If your organization should get infected by SirCam, the removal process can be nerve-racking and hair splitting. Manual removal requires knowledge of DOS commands and file attributes. A complete guide on how to remove SirCam can be found at http://www.antivirus.com/vinfo/virusencyclo/default5.asp?Vname=_TROJ_SIRCAM.A.

Antivirus.com offers a DOS program file that will do most of the dirty work, including scanning and file deletion.

If you’re really pressed for time, programs are available that will remove a virus or worm from your system. I find that in the long run, however, it is far more effective to invest money up front in preventing viruses, as that reduces the time required for removing them and other costs on the back end.

This story first appeared on ServerWatch, an internet.com site.
