Elinor Mills Abreu
SAN FRANCISCO: While the Code Red worm grabs headlines and alarms Internet
users around the world, a virus has been quietly wreaking havoc in the
background, infecting computers and sending out potentially sensitive files,
security experts said on Thursday.
The virus, dubbed Sircam, is responsible for secret documents being leaked
from the administration of Ukrainian President Leonid Kuchma this week to the
ForUm news Web site (www.for-ua.com), site operators said.
A computer at the FBI's National Infrastructure Protection Center became
infected with the virus late last month and sent some private, though not
sensitive or classified, FBI documents out in emails as a result, officials
said.
The virus, which has been rated high risk by most anti-virus vendors, was the
top-ranking virus in July, with over 38 per cent of the share of virus
infections, according to antivirus software firm Central Command. The Sircam
infestation comes amid global concern over the Code Red worm, which spread
across the world's computer networks on Wednesday, but saw its effects blunted
by protective software patches installed on many systems.
Unlike Code Red, Sircam has received little public attention even though it
has the potential to have a far more damaging effect. After infecting a computer,
Sircam sends copies of itself to all email addresses in the address book and
exports a random file, experts said.
The virus has turned out to be both nastier and longer-lived than experts had
expected, partly because its appearance changes as it spreads, said Andy Faris,
president of MessageLabs Americas.
"It's a much more serious outbreak than most vendors originally
forecast," said Faris. "It's the single most prolific virus in our
customer base," of about 3,000 customers and 500,000 users.
Experts first detected Sircam in July and saw its first peak on July 25.
Unlike most viruses that die off after they peak, the number of computers
infected by Sircam rose again to spike anew on Tuesday, according to email
security outsourcer MessageLabs Americas, raising the possibility that it could
jump again.
About 200 different Symantec Corp. customers have reported at least 10,000
infections, said Steve Trilling, director of research. "That would vastly
underestimate the total number of infected computers," Trilling said.
"Based on what we've seen I would be surprised if Sircam had only
100,000" computer infections.
The virus does not target any specific email program, like Microsoft Corp.
Outlook, but can affect any email user because it has its own email engine,
experts said.
Aside from sending out random files, Sircam can have other harmful effects.
Trilling said that, for most infected computers, there was a one in 50 chance
the virus would fill up the hard disk drive and a one in 20 chance that it
would follow orders to delete files on Oct 16.
(C) Reuters Limited 2001.