Sircam (computer worm)
Encyclopedia
Sircam is a computer worm
that propagates by e-mail
from Microsoft Windows
systems. It begins with one of the following lines of text and has an attachment consisting of the worm's executable with some file from the infected computer appended.
Due to a bug in the worm, the message was rarely sent in any form other than "I send you this file in order to have your advice." This subsequently became an in-joke among those who were using the Internet at the time, and were spammed
with e-mails containing this string sent by the worm.
Sircam was notable during its outbreak for the way it distributed itself. Document files (usually .doc or .xls) on the infected computer were chosen at random, infected with the virus and emailed out to email addresses in the host's address book. Opening the infected file resulted in infection of the target computer. During the outbreak, many personal or private files were emailed to people who otherwise should not have gotten them.
It also spreads via open shares on a network. Sircam scans the network for computers with shared drives and copy itself to a machine with an open (non-password protected) drive or directory. A simple RPC (Remote Procedure Call) is then executed to start the process on the target machine, usually unknown to the owner of the now-compromised computer.
Over a year after the initial outbreak, Sircam was still in the top 10 on virus charts.
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
that propagates by e-mail
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
from Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
systems. It begins with one of the following lines of text and has an attachment consisting of the worm's executable with some file from the infected computer appended.
- I send you this file in order to have your advice
- I hope you like the file that I send you
- I hope you can help me with this file that I send
- This is the file with the information you ask for
- Te mando este archivo para que me des tu punto de vista
- Espero te guste este archivo que te mando
- Espero me puedas ayudar con el archivo que te mando
- Este es el archivo con la informacion que me pediste
Due to a bug in the worm, the message was rarely sent in any form other than "I send you this file in order to have your advice." This subsequently became an in-joke among those who were using the Internet at the time, and were spammed
E-mail spam
Email spam, also known as junk email or unsolicited bulk email , is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE...
with e-mails containing this string sent by the worm.
Sircam was notable during its outbreak for the way it distributed itself. Document files (usually .doc or .xls) on the infected computer were chosen at random, infected with the virus and emailed out to email addresses in the host's address book. Opening the infected file resulted in infection of the target computer. During the outbreak, many personal or private files were emailed to people who otherwise should not have gotten them.
It also spreads via open shares on a network. Sircam scans the network for computers with shared drives and copy itself to a machine with an open (non-password protected) drive or directory. A simple RPC (Remote Procedure Call) is then executed to start the process on the target machine, usually unknown to the owner of the now-compromised computer.
Over a year after the initial outbreak, Sircam was still in the top 10 on virus charts.