SirCam worm threatens PC damage

Summary:Security experts warn of a fast-spreading new worm that could delete files and fill up the hard drives of infected computers.

Security experts warned Friday of a fast-spreading new worm that could delete files and fill up the hard drives of infected computers.

The worm, "W32.Sircam" or "SirCam," arrives attached to an e-mail message with a randomly chosen subject line, according to a report prepared by the AntiVirus Research Center of software maker Symantec. The body of the message is also randomly chosen, although the first and last lines are always "Hi! How are you?" and "See you later. Thanks" in the English version of the message and "Hola como estas?" and "Nos vemos pronto, gracias" in the Spanish version.

Once activated, the virus sends copies of itself to all e-mail addresses in the computer's Microsoft Outlook address book. The sent e-mail message also includes a randomly chosen document from the infected computer.

The worm has several unusual aspects, according to Symantec, including the fact that it resides in the recycle bin of the infected PC, where people may not think to search for it.

It also can perform several destructive acts based on a combination of arcane PC settings and chance. If the infected PC uses the European date format (day/month/year), for example, there is a 1-in-20 chance that the worm will delete all files and folders on the hard drive on Oct. 16.

The worm is also "network aware," Symantec reported, meaning it will search for network resources and attempt to propagate itself to attached systems.

Symantec's AntiVirus Research Center classified the worm as a "severe" threat. It said several hundred computers at a handful of sites had been infected with the worm as of Thursday evening.

Antivirus-software maker McAfee classified the worm as a "medium" risk and said 1,418 infected files had been reported in the last 30 days.

"I think this is going to keep going at least for the next week," said Alex Shipp, anti-virus researcher for e-mail-service firm MessageLabs. "The fact that it does have different subject lines and different file names will help it grow."

So far, the growth has been slow but sure, he said. On Wednesday, the company had encountered only a handful of virus-infected e-mails every hour. As of late Friday, however, there were nearly 100 every hour.

Topics: Malware, PCs, Security, Symantec

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.