Update: SirCam

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

CBC

Sircam Computer Virus Nastier than Code Red

While the Code Red worm grabs headlines and alarms Internet users around the world, a virus has been quietly wreaking havoc in the background, infecting computers and sending out potentially sensitive files. Security experts say the virus, dubbed Sircam, is responsible for secret documents being leaked this week from the administration of Ukraine's President.

A computer at the FBI's National Infrastructure Protection Center became infected with the virus late last month, and sent some private, though not sensitive or classified, FBI documents out in emails.

The virus has been rated high risk by most anti-virus vendors, and was the top-ranking virus in July, responsible for more than 38 percent of all reported virus infections, according to antivirus software company Central Command.

The Sircam infestation comes amid global concern over the Code Red worm, which spread across the world's computer networks on Wednesday, but saw its effects blunted by protective software patches installed on many systems. Unlike Code Red, Sircam has received little public attention even though it has a potentially far more damaging effect.

Experts say after infecting a computer, Sircam sends copies of itself to all email addresses in the address book, and exports a random file.

Andy Faris, president of MessageLabs Americas, says the virus has turned out to be both nastier and longer-lived than experts had expected, partly because its appearance changes as it spreads. Faris says, "it's the single most prolific virus in our customer base," of about 3,000 customers and 500,000 users.

Experts first detected Sircam in July and saw its first peak on July 25. Unlike most viruses that die off after they peak, the number of computers infected by Sircam rose again to spike anew on Tuesday. The virus does not target any specific email program, like Microsoft's Outlook, but can affect any email user because it has its own email engine.

-- Rachel Gibson (rgibson@hotmail.com), August 03, 2001

Answers

Go visit http://www.zonelabs.com/ and get ZoneAlarm!

I've seen over 15 infected letters.

-- (perry@ofuzzy1.com), August 03, 2001.


Now it's Sircam; what next?

-- Nancy7 (nancy7@hotmail.com), August 03, 2001.

Truly is a nasty one. I got a few messages on my email with the virus attachment. Did not get infected though.

-- Tess (webwoman@iamit.com), August 03, 2001.

Start EVERY connection to the Internet with downloading the latest virus updates for your AntiVirus software. Lately, when using Norton AntiVirus "Live Update," new virus definitions have been served just 8 to 10 hours after the last virus definitions were downloaded.

It's getting to the point where even DAILY virus updates are no longer enough. The long-term worry is that, as the number of viruses to scan for increases, the virus detection speed decreases, and/or overall CPU load while on the Internet increases. Apparently, CPU speed upgrading is not a luxury.

-- Robert Riggs (rxr.999@worldnet.att.net), August 04, 2001.


Hi friends, I am protected as well as anyone could possibly be what with the newest ZoneAlarm, na 2001, and a few other little programs. But you are so right, Robert. Getting to the point where I just dread going online for fear of some "goodie" in my mail waiting on me. The only virus I have ever had sent to me was the latest dreaded Sircam. Never opened the attachment, but you know, from what I've read about it, it seems like more are having trouble with this than Code Red 1, 2, or 3! Just a side note here. I have had so many alerts on ZoneAlarm in the past 2 days! Thought it was just me experiencing it but come to find out everyone is getting the "ping".

-- Tess (webwoman@iamit.com), August 06, 2001.

