Advertisment

Sircam virus still spreading havoc

author-image
CIOL Bureau
Updated On
New Update

Elinor Mills Abreu

Advertisment

SAN FRANCISCO: While the Code Red worm grabs headlines and alarms Internet

users around the world, a virus has been quietly wreaking havoc in the

background, infecting computers and sending out potentially sensitive files,

security experts said on Thursday.

The virus, dubbed Sircam, is responsible for secret documents being leaked

from the administration of Ukrainian President Leonid Kuchma this week to the

ForUm news Web site (www.for-ua.com), site operators said.

A computer at the FBI's National Infrastructure Protection Center became

infected with the virus late last month and sent some private, though not

sensitive or classified, FBI documents out in emails as a result, officials

said.

Advertisment

The virus, which has been rated high risk by most anti-virus vendors, was the

top-ranking virus in July, with over 38 per cent of the share of virus

infections, according to antivirus software firm, Central Command. The Sircam

infestation comes amid global concern over the Code Red worm, which spread

across the world's computer networks on Wednesday, but saw its effects blunted

by protective software patches installed on many systems.

Unlike Code Red, Sircam has received little public attention even though it

has a potential to have a far more damaging effect. After infecting a computer,

Sircam sends copies of itself to all email addresses in the address book and

exports a random file, experts said.

The virus has turned out to be both nastier and longer-lived than experts had

expected, partly because its appearance changes as it spreads, said Andy Faris,

president of MessageLabs Americas.

Advertisment

"It's a much more serious outbreak than most vendors originally

forecast," said Faris. "It's the single most prolific virus in our

customer base," of about 3,000 customers and 500,000 users.

Experts first detected Sircam in July and saw its first peak on July 25.

Unlike most viruses that die off after they peak, the number of computers

infected by Sircam rose again to spike anew on Tuesday, according to email

security outsourcer MessageLabs Americas, raising the possibility that it could

jump again.

About 200 different Symantec Corp. customers have reported at least 10,000

infections, said Steve Trilling, director of research. "That would vastly

underestimate the total number of infected computers," Trilling said.

"Based on what we've seen I would be surprised if Sircam had only

100,000" computer infections.

Advertisment

The virus does not target any specific email program, like Microsoft Corp.

Outlook, but can affect any email user because it has its own email engine,

experts said.

Aside from sending out random files, Sircam can have other harmful effects.

Trilling said that, for most infected computers, there was a one in 50 chance

the virus would fill up the hard disk drive and a one in 20 chances that it

would follow orders to delete files on Oct 16.

(C) Reuters Limited 2001.

tech-news