Sybari Reports SIRCAM Virus Makes High Risk Status; Antigen Worm Purge & File Filtering Feature Ensures User Protection From This Latest E-mail Worm Virus.

Business/High Tech Editors

EAST NORTHPORT, N.Y.--(BUSINESS WIRE)--July 24, 2001

Sybari Software, Inc., the premier developer of Antigen, a comprehensive antivirus, content-management, and e-mail security solution for Microsoft Exchange and Lotus Domino/Notes environments, today reports on the e-mail virus known as "SIRCAM", which has been raised to a high risk virus. This latest e-mail virus threat is no match for Sybari's Antigen. Antigen's Worm Purge and File Filtering features will score high marks with Antigen users.

"Our users stand protected against this virus with Antigen Worm Purge(TM)," said Joe Licari, director of product management for Sybari Software, Inc. "By enabling Worm Purge and updating to the latest antivirus signature files, administrators can depend on Antigen to automatically purge all e-mail messages carrying this high-risk worm," continued Licari.

As with Antigen File Filtering (AFF) technology, which enables administrators to filter e-mail attachments by filename, wildcards, and by file type, Antigen Worm Purge(TM) is designed to be a proactive tool to prevent new worm threats from spreading before scan engines are updated. Attachment names for worm-generated messages can also be placed in the File Filter list under the File Filtering panel for purging as they enter or exit the message stream.

Antigen File Filtering (AFF) enables you to filter an e-mail attachment by filename, with wildcards, and by file type. This unique feature will delete and/or quarantine file attachments meeting the filter criteria of messages entering or exiting groupware environments. Attachments may be scanned by actual name (such as Sircam or Worm) or by file type (.com, .baf, .exe, etc.). If files are sent in a ZIP archive, AFF will scan each file enclosed in the archive. Once a matching file is detected, AFF will automatically delete or quarantine it depending on the criteria specified by the administrator. The intended recipient will then receive a notification message alerting them that the file was deleted or quarantined. If a file is quarantined, a copy will be kept and may be opened by the administrator. The administrator also has the option to forward the quarantined attachment to the intended recipient after reviewing it.

POSTED ALERT
W32/Sircam@mm
July 20, 2001
W32/Sircam-A, Backdoor.SirCam, WIN32/SIRCAM.WORM
E-mail Characteristics
E-mail Subject:
Random Filename
E-mail Body:
Spanish:
Hola como estas?
Te mando este archivo para que me des tu punto de vista
Espero te guste este archivo que te mando
Espero me puedas ayudar con el archivo que te mando
Este es el archivo con la informacion que me pediste
Nos vemos pronto, gracias.
English:
Hi! How are you?
I hope you can help me with this file that I send
I send you this file in order to have your advice
I hope you like the file that I send you
This is the file with the information that you ask for
See you later. Thanks
Attachment Names:
SIRC32.EXE, SCam32.exe, emailed attachments are randomly named
Description
This is an email aware worm; it will normally appear as a file
with double extension, like .doc.com, .xls.pif, etc. The last
extension will be one of the following: COM, EXE, BAT, PIF, and LNK.
The worm executable is really prepended to a document,
spreadsheet, or zip file from an infected person. That file will be
written to disk and opened when the worm is executed so it seems like
the mail contained an innocent attachment. This functionality may
cause sensitive user data to be sent out.
The subject line contains only the file name of the attached file.
Depending on language versions, the message body will be in English or
Spanish.
The message body is composed of several lines that are mixed in a
slightly random order.
This worm can be rather destructive. The destructive routine
activates October 16th, and will in some cases delete all files on the
C: drive.
Delivery:
As mentioned the worm copies itself over shared network drives as
well. In those cases it copies the SIRC32.EXE file over to the remote
drive, and also, if possible, replaces the RUNDLL32.DLL on the remote
machine with itself. The original RUNDLL32.EXE is copied to RUN32.EXE.
It may also copy itself to other file names. It may also attempt to
add a reference to itself in the AUTOEXEC.BAT file.
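
The attachment naming pattern in the alert above and the file-filter rule types the release describes (by name, by wildcard, by final extension, including members of ZIP archives) can be expressed as a mail-gateway check. This is an added example, not part of the original release and not Antigen's implementation; the function names, the rule list and the sample inputs are constructed for illustration.

```python
import fnmatch
import io
import zipfile

# Final extensions named in the alert (also Sybari's suggested blanket filter).
RISKY_EXTS = {"com", "exe", "bat", "pif", "lnk"}
# Wildcard rules by attachment name, built from the names listed in the alert.
NAME_RULES = ["sirc32.exe", "scam32.exe"]


def check_name(filename):
    """Return the list of reasons this attachment name should be filtered."""
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = filename.strip().lower().rstrip(". ")
    reasons = [f"name rule {p}" for p in NAME_RULES if fnmatch.fnmatchcase(name, p)]
    parts = name.split(".")
    if len(parts) >= 2 and parts[-1] in RISKY_EXTS:
        reasons.append(f"risky extension .{parts[-1]}")
        # A document-style extension followed by an executable one (.doc.com).
        if len(parts) >= 3 and parts[-2]:
            reasons.append(f"double extension .{parts[-2]}.{parts[-1]}")
    return reasons


def check_attachment(filename, data):
    """Check an attachment name and, for a ZIP archive, every member name."""
    findings = {}
    reasons = check_name(filename)
    if reasons:
        findings[filename] = reasons
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                reasons = check_name(member.rsplit("/", 1)[-1])
                if reasons:
                    findings[f"{filename}!{member}"] = reasons
    return findings


def _sample_zip():
    """Constructed in-memory ZIP with one benign and one suspect member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"hello")
        zf.writestr("docs/Budget 2001.xls.pif", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(check_attachment("Report.doc.com", b"not a zip"))
    print(check_attachment("files.zip", _sample_zip()))
```

A non-empty result is what a gateway would act on by deleting or quarantining the attachment and notifying the recipient, as the release describes.
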
Joe Licari, Director of Product Management of Sybari Software,
Inc. is available today to discuss this latest worm virus, providing
insight on:
-- What could have been done to prevent the spread of this virus.
-- How companies can protect themselves from viruses prior to
virus definitions being available.
-- What companies should do if their networks are or become
infected.
-- What other kinds of intrusions are likely to strike
corporations.
If transferring these types of files is not part of your day-to-day business, Sybari recommends that you create a file filter rule for all files that end with the extensions .exe, .com, .bat, .pif, and .lnk. Currently, Sybari has not reported any outbreaks. To protect your environment from this new variant, and for information on other variants, please add the Sybari website: http://www.sybari.com to your browser Favorites.

ABOUT SYBARI

Since 1995, Sybari has led the market in providing innovative solutions to groupware-based virus and security threats. Today, over 5 million Microsoft Exchange/Outlook and Lotus Domino/Notes seats are virus-free as a direct result of Sybari's Antigen technology. Sybari's Antigen is unsurpassed in providing protection of corporate messaging environments. Antigen's unique architecture institutes a preemptive line of defense from viruses and malicious code. Antigen for Microsoft Exchange and Antigen for Lotus Domino are distributed in more than 50 countries through Sybari's worldwide locations and distribution network. Sybari is headquartered in East Northport, New York with its International headquarters in Madrid, Spain.

Sybari's clients include IBM, Amazon.com, Cable & Wireless, Compaq, Con Edison, Dell, Deloitte & Touche, Eastman Chemical, Getronics, JD Power, Lufthansa, Mayo Foundation, Merrill Lynch, Nortel, Pirelli, Sony, Target, Texaco, Tosco, Union Pacific, US Federal Government, and Visa. Sybari's many strategic partners include Lotus Development (NYSE:IBM), Microsoft (NASDAQ:MSFT), Computer Associates (NYSE:CA), Compaq (NYSE:CPQ), and Sun Microsystems (NASDAQ:SUNW).

Other products and company names mentioned herein may be trademarks of their respective owners.