World leader latest victim of 'Sircam' virus
By Richard Stenger
(CNN) -- A sneaky computer bug that likes to steal personal files and scatter them over the Internet seems to have claimed a high-profile casualty: the Ukrainian president.
The "Sircam" virus, a rogue application that has spread to most countries, was responsible for the public release of the guarded schedule of President Leonid Kuchma, according to a news Web site in the Ukraine.
"The Sircam virus that struck the computers of the administration of the president continues to bombard the editorial staff of the ForUm," the Russian language media outlet reported.
The sensitive file contained detailed information about the itinerary of Kuchma and other political leaders, including activities later this month when the country celebrates its 10th anniversary of independence.
The schedule of the president is generally a highly protected secret.
Sending your resume, the hard way
Although the "Code Red" worm has recently made headlines around the globe, Sircam, since first being detected in July, has become the most widespread bug on the Net, according to some computer security experts.
"Sircam is now the all-time number one virus detected by MessageLabs (and the) figures show no sign of abating," said the UK-based company, which specializes in content filters for e-mail on the Internet.
The application, which mostly spreads via e-mail attachments, has resisted attempts by the anti-virus industry to detect and disinfect it.
Computer users with infected machines have complained that the bug had eluded updates from Symantec and Norton Anti-virus.
Symantec, which released a second Sircam patch on July 24, upgraded the bug this week to the second highest danger category, a four out of a possible five.
Anti-virus companies Trend Micro and F-Secure are also warning users about the continued proliferation of Sircam.
The slippery virus infiltrates computers running Windows, grabs random documents from the hard drive, and sends them as an attachment to all e-mail addresses in the address book.
The subject line and text of the infected e-mails change with every new assault. Embarrassed victims have discovered to their horror that such private documents as resumes, photos, personal letters and business expense forms appear before the eyes of total strangers.
"I got an e-mail attachment from a person I didn't know, with a couple of attachments. I often get e-mail for my brother and assumed it was something for him. I forwarded it but opened it first. It was a resume or something and I thought it was an e-mail sent to the wrong address," said Paul Birkett of Vancouver, British Columbia.
Birkett said he avoided major problems but had to re-write his system registry to clean his computer.
English, Spanish variations
There are some ways to spot Sircam. The e-mail text always begins with 'Hi! How are you?" and always ends with "See you later. Thanks."
The middle text varies but consists of one of the following sentences: "I sent you this file in order to have your advice. I hope you can help me with this file that I send. I hope you like the file that I send you. This is the file with the information that you asked for."
A Spanish language version of Sircam is also making the Internet rounds.
In contrast to conventional viruses, Sircam can also travel on its own like a worm, using an internal mail program to spread via shared network drives.
Besides embarrassment, more permanent harm can result. The bug includes a time bomb, set to go off on October 16, which, in rare instances, could destroy many or all computer files.
Most anti-virus companies offer instructions on how to remove it from an infected computer.
-- CNN's Victoria Kalinin contributed to this report.
|Back to the top|