Computer virus preys on private documents

Published 12:00 am Thursday, July 26, 2001

News Editor

Internet and e-mail users need to be on alert for the newest computer virus -  the W32.Sircam.Worm@mm Worm.

The worm/virus is transmitted through files attached to e-mails.

Sign up for our daily email newsletter

Get the latest news sent to your inbox

"The basic behavior of the virus is it is contained in attachments on e-mails," said Ken Jordan, an engineer with Troy Cablevision. "People get curious when they see the attachment and open it. If they are not running an updated auto protection virus scan the worm is downloading while they are reading the e-mail."

The e-mail containing the infected attachment is disguised in what seems like a friendly, harmelss message, sometimes from recognizable addresses. Do not open attachments in e-mails containing the following information:

Hi! How are you! I send you this file in order to have your advice

I hope you can help me with this file that I send

I hope you like the file that I send to you

This is the file with the information that you ask for

See you later. Thanks

Jordan said while the e-mail is being read the worm writes itself into the Windows registry and sets up its own e-mail server, taking e-mail addresses from address books, recent e-mails and any other e-mail addresses it can find.

"The virus attaches itself to documents, text, Excel documents, movie files, picture files and other files in the MY DOCUMENTS folder and sends them to e-mail addresses found in the computer," Jordan said.

What makes the virus difficult to detect is that the subject line can contain random subjects and cannot be recognized until the e-mail is opened. Since the virus attaches itself to documents in the computers, personal and private documents can be sent to addresses in the computer.

To protect against the W32.Sircam Internet and e-mail users need to have an updated version of an auto protection virus scan, advised Jordan.

"The only problem with the virus scan is that people use it and think they have gotten rid of the virus," he said. "If they don’t clean out the registry entry the virus is still in there."

The virus, which is believed to have started in Mexico, is a more advanced version of the Love Bug virus and Anna Kournikova worm. The virus is a problem nationwide and has also been detected in Europe.

"It started here Friday," Jordan said. "That’s when I got the first e-mail and it has spread like wildfire."

Even though the virus does not seem to be as fatal as some, Jordan said the end result could be troublesome.

"If it gets bad enough and the file attachment gets large enough it can slow servers to a halt," he said. "If it gets really bad it can completely shut down the server or the provider will be forced to shut down the server."

Since the virus is set up to run with Windows, MacIntosh/Apple computers do not seem to be having problems, but Jordan advises if anyone receiving the message to refrain from clicking on the attachment.

Jordan said he believes this is just the first of many viruses to crop up this year.

"I’m afraid there are many more to follow," he said. "Industry experts have said this is a big year for them. They best advice I have is to have an updated virus scan program."

A link to download the W32.Sircam removal tool is located on the Troy Cablevision website at