~~~~~~~Software and Internet Discussion Forum for Christians and Catholics~~~~~~~


Dear All in Christ,

I am hereby copying a notification e-mail from the Vaksin
mailing list about the appearance of a new type of virus
named "SirCam"; please read it and study it carefully.
This e-mail consists of two parts:
1. Information about how fast this SirCam virus is spreading
2. Information about what the SirCam virus is, what its signs are, and
    which parts of the computer it can damage.

Hopefully this is useful for everyone.

Regards,
BG
------------------------------------------------------------------------
PART 1
==========

July 20, 2001

As of Friday, 20 July 2001, Sircam virus infections have been rising very
quickly. Sircam was initially not expected to spread quickly, so the
antivirus vendors gave it a medium risk rating. However, given how the
virus has spread up to Friday, 20 July 2001, the antivirus vendors have
agreed to classify Sircam as a High Risk virus.

The Sircam virus has spreading characteristics similar to Magistr /
Hybris: the longer it goes on, the more it spreads. This is unlike Kournikova,
which spread extraordinarily at the time it appeared but then declined
drastically within a few days.
One of the most disturbing things about this virus is that it takes files
from your My Documents folder and sends them to the addresses in the
address book / cache. If your My Documents contains confidential files, be
prepared for them to be sent to your competitors without your knowledge.
This virus is hard to avoid if you have not installed an antivirus program,
because it can change its subject and attachment.
If you have an antivirus, update its virus definitions immediately so that
it can recognize this virus.

Regards,
Vaksin.com contributor
Alfons Tanujaya

-- www.vaksin.com --
Certified :
~~~~~~~~~~~~~~~~~~~
~~|VIRUS OUTSIDE|~~
~~~~~~~~~~~~~~~~~~~
Norman  Antivirus

by : vaksin.com
Call (021)600-0321
Antivirus Solution
-- www.vaksin.com --

===============================================
PART 2
============
W32/Sircam-A
Aliases      W32.Sircam.Worm@mm, W32/SirCam@mm, Backdoor.SirCam
Source : http://antivirus.about.com/library/weekly/aa071801a.htm
http://www.virus.com

Do not store important / confidential files such as Price Lists, Passwords
or Company Financial Reports in the "My Documents" folder; your own or your
company's confidential information could end up being sent to your
competitors without your knowledge. After the Magistr and Badtrans viruses,
which sometimes take files from mail attachments / the hard disk and send
them to all addresses in MS Outlook or Outlook Express, a new virus named
Sircam has now appeared that sends files from the "My Documents" directory
to the addresses in the Address Book and Cache.

This virus, 150 KB in size, arrives with:
Subject: Document name (without extension)
From: [[EMAIL PROTECTED]]
To: [[EMAIL PROTECTED]]
Attachment: Varies, depending on the name of the My Documents file
Hi! How are you?
I send you this file in order to have your advice
See you later! Thanks
The file used as the attachment varies, depending on the file names in the
My Documents directory.
If the attachment is run, the virus changes several registry entries so
that it is run automatically when Windows starts, and copies itself under
the name scam32.exe. The virus also spreads itself over the network and
copies itself under the name rundll32.exe.
In English :
W32/Sircam-A is a network-aware worm. The worm spreads via email and by
using open network shares. The worm arrives in an email with a random
subject and body text. The attached filename is also randomly chosen, but it
has a double extension (for instance, .doc.com or .mpg.pif).
If the attachment is opened, the worm copies itself into the Windows System
directory with the filename scam32.exe. The worm also copies itself as a
file called sirc32.exe to the Recycled files directory with its file
attributes set to hidden. The worm changes the registry key:
        HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services\Driver32
so that it runs on Windows startup. The registry key:
        HKLM\SOFTWARE\Classes\exefile\shell\open\command
is also changed so that the worm runs before any other executable file is
opened. If the worm finds any open network share, it will attempt to copy
itself into the Windows directory on the machine with an open share, with
the filename rundll32.exe. The original rundll32.exe file is renamed to
run32.exe. If this is successful, the worm changes the file autoexec.bat so
that it includes a command to run the worm file previously dropped to the
Windows directory.
The worm contains its own SMTP routine, which is used to send email messages
to email addresses found in the Windows address book and the temporary
internet folder, where cached internet files are kept.
When a recipient opens this attachment, his system gets infected and then
the included document is displayed. This way the worm's activity is
disguised. Messages sent by the worm look like this:
Subject: Document file name (without extension)
From: [[EMAIL PROTECTED]]
To: [[EMAIL PROTECTED]]
Hi! How are you?
I send you this file in order to have your advice
See you later! Thanks
http://antivirus.about.com/library/weekly/aa071801a.htm
In Microsoft® Windows, the 'My Documents' folder is one of the most
accessible, whether from the desktop, Windows Explorer, or the default save
to location in many programs. As a result, many use it as a repository for
all their data files - even those which contain sensitive or confidential
information. This practice has never been a good idea as it gives
ill-intentioned intruders a virtual roadmap to your personal and work
output. The SirCam worm takes the vulnerability one step further, using the
contents of the folder to package and disguise itself to others.
Sircam, (a.k.a. I-Worm.Sircam, W32.Sircam, and W32/SircCam) mass mails
itself using addresses found in the Windows Address Book and in cached email
addresses found on the system. The attachment it sends is a compilation of
its infection routine and a file found in the My Documents folder. The
original name of the file is left intact, with an executable extension
appended to it. For example, .PIF, .COM, or .EXE would be added to the
original filename, thus myphoto.jpg would become myphoto.jpg.exe. Users who
did not have file extension viewing enabled would see only the original
extension and in the example above, could be tricked into believing an
executable file was actually a harmless image file.
The worm then mails itself in an email with following message body:
Hi! How are you?
I send you this file in order to have your advice
See you later! Thanks
The subject line of the email is the name of the original file. When the
infected attachment is executed, whatever file was "lifted" from the
sender's My Document folder is displayed, thus disguising the SirCam worm's
actions. This is particularly risky, as an infected user who stores
confidential data in the My Documents folder could easily find proprietary
and sensitive data mass-mailed to others.
SirCam then copies itself to the Recycle Bin, C:\recycled\SirC32.exe, in an
attempt to avoid detection by some antivirus scanners. The worm modifies the
registry, [HKEY_CLASSES_ROOT\exefile\shell\open\command], so that the worm
is run first when any .EXE on the system is run. This method makes improper
removal of the worm a dangerous proposition. If the worm is deleted before
the registry modification is corrected, no .EXE on the system will run.
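
An added example (not part of the original e-mail or of any vendor's tooling) of a mail-gateway check for the message traits described above: an attachment with a double extension ending in .pif, .com or .exe, a subject equal to the attachment's document name, and the quoted body lines. The function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Executable extensions the advisory names for the appended suffix.
EXEC_EXT = {".pif", ".com", ".exe"}
# First and last lines of the message body quoted in the advisory.
BODY_MARKERS = ("Hi! How are you?", "See you later! Thanks")


def sircam_indicators(raw: bytes) -> list[str]:
    """Return the Sircam traits (as described in the advisory) found in one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    hits = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if all(marker in text for marker in BODY_MARKERS):
        hits.append("body-text")
    for part in msg.iter_attachments():
        # Keep only the file name, whatever path separators the sender used.
        name = PureWindowsPath(part.get_filename() or "").name
        suffixes = PureWindowsPath(name).suffixes
        # Double extension: a document suffix followed by an executable one.
        if len(suffixes) >= 2 and suffixes[-1].lower() in EXEC_EXT:
            hits.append(f"double-extension:{name}")
            stem = name[: -len(suffixes[-2] + suffixes[-1])].lower()
            # The subject is the document name without its extension.
            if stem and stem == subject:
                hits.append("subject-matches-attachment")
    return hits


def build_sample(subject: str, body: str, filename: str) -> bytes:
    """Constructed test message; addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    lure = ("Hi! How are you?\nI send you this file in order to have your advice\n"
            "See you later! Thanks\n")
    print(sircam_indicators(build_sample("Price List", lure, "Price List.xls.pif")))
    print(sircam_indicators(build_sample("Minutes", "See attached.\n", "minutes.2001.07.pdf")))
```

A message is worth quarantining on the double-extension hit alone; the subject and body matches only raise confidence that it is this particular worm.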

