Date: Thu, 2 Aug 2001 20:02:50 +1200
Reply-To: Andrew Grebneff <andrew.grebneff@STONEBOW.OTAGO.AC.NZ>
Sender: Vanagon Mailing List <vanagon@gerry.vanagon.com>
From: Andrew Grebneff <andrew.grebneff@STONEBOW.OTAGO.AC.NZ>
Subject: Re: Not Vanagon, a virus warning.
Content-Type: text/plain; charset="us-ascii"
>I recently got a virus from either the type2 list or the vanagon list.
>It came as an attachment to an E-mail and I'm not sure if it attached
>itself to outgoing mail or not.
>The virus name is w32/SirCam.gen@MM, it came to me on July 23, 2001 ay
>10:39 AM.
>The file size is 137,216.
>It corrupts or creates a file in the Windows/system or Windows/system32
>directory.
>The file to look for is SCam32.exe
>You should run your virus program if you've gotten pmail from me.
>If you find this file is infected you can get a stand alone fix from
>McAfee named scrmove2.zip that effectively removes the virus.
Several times every week I'm getting the Sircam virus sent to me by various
addresses I've never seen; apparently all are originating from one
location. My server strips viruses automatically and notifies both me and
sender.
Message I get from my server each time are similar to this:
Date: Wed, 1 Aug 2001 05:08:35 +1200
From: root <root@mailhub1.otago.ac.nz>
To: andrew.grebneff@stonebow.otago.ac.nz
Subject: BLOCKED DELIVERY OF EMAIL FROM oskarsdo@ecn.purdue.edu
BLOCKED DELIVERY OF EMAIL FROM oskarsdo@ecn.purdue.edu
Our email scanner has detected a VIRUS in an email destined for you.
This email has been stopped. The sender will receive a notification of
this message.
The virus scanner revealed...
>>> Virus 'W32/Sircam-A' found in file
>>>/apps/inflex/tmp/inflex12868/unpacked/JOB01.DOC.bat
End.
-----------------------------
I asked where these viruses are being sent from and this was the reply:
-----------------------------
X-Sender: st014557@brandywine.otago.ac.nz
Mime-Version: 1.0
Date: Tue, 31 Jul 2001 09:03:03 +1200
To: andrew.grebneff@stonebow.otago.ac.nz (Andrew Grebneff)
From: ITS HelpDesk <helpdesk@stonebow.otago.ac.nz>
Subject: Re: Viruses being sent
Hi Andrew,
The virus is coming from mintunz@cdsnet.net but us being blocked at the
university mail hub. From the email address I am unable to tell you the
name of the person that sent the email to you but can tell you it came rom
http://www.cdsnet.net/ which runs a webmail system simular to hotmail etc.
Regards,
Emerson.....
=========================================================================
ITS HelpDesk
Information Technology Services
University of Otago Phone: (03) 479-8888 or 0800 479-888
P.O. Box 56 Fax: (03) 479-8577
Dunedin, E-Mail: helpdesk@otago.ac.nz
New Zealand web page: www.otago.ac.nz/helpdesk
** Please address all correspondence to this address, not the signatory **