FW: Sircam infects the Feds

Peter Tomlinson pwt at iosis.co.uk
Mon, 30 Jul 2001 22:18:07 +0100


Symantec (Norton) have just replied to my query with the news that they
cannot yet detect the SirCam virus in a MIME encoded file - but they promise
that they will catch it if I try to move or copy or open the attached file.

But a file with a double extension (.doc.pif in my case) is fairly easy to
spot.

Peter T
Bristol UK
----- Original Message -----
From: "T Bruce Tober" <octobersdad@reporters.net>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Friday, July 27, 2001 11:14 PM
Subject: Re: FW: Sircam infects the Feds


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In message <3B618CB8.5513890C@solid-state-logic.com>, Martin hepworth
> <martinh@solid-state-logic.com> writes
> >I note that Sophos put out an alert and update 18th July. The whole
> >thing went crazy 25th. So everyone had 6 days to update their AV
> >technology to catch this before it hit bad. Shame on the feds for not
> >doing basic stuff.
>
>
> OTOH, AV software isn't perfect:
>
> Symantec fails to stop SirCam
> By John Leyden
> Posted: 27/07/2001 at 12:30 GMT
>
> http://www.theregister.co.uk/content/56/20696.html
>
> The SirCam worm has revealed weaknesses in anti-virus protection relied
> on by many firms as a first line of defence against viral infection.
> It's been discovered that both Baltimore Technologies MIMEsweeper
> content filtering software and Symantec's perimeter protection product,
> Norton Antivirus for Gateways v2.x, fail to block the prolific virus.
> Norton Antivirus for Gateways fails to see email with attachments
> contaminated by the virus, even if the correct settings have been
> applied and the latest versions of virus-identifying signature files have
> been downloaded.
> - --
>
> | Bruce Tober, <octobersdad@reporters.net>  , <http://www.star-dot-star.co.uk>   |
>                                                      *.*   *.*   *.*   *.*
>
> |   Birmingham, UK, EU +44-780-374-8255 (Mobile) +44-1562-638-704 (Landline)   |
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPsdk version 1.7.1
>
> iQA/AwUBO2HnuElMGg3Z3q20EQL29QCg7MQY3DrsVe5quPdkXTsW9kqc27kAmwQV
> 5Z+0huytbXgDjlz4lJLOw5S1
> =G36I
> -----END PGP SIGNATURE-----
>
>
>
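
The double-extension check mentioned in the reply at the top of this thread, as an added example that is not part of the original messages: it walks the parts of a MIME message and reports attachment names such as .doc.pif without decoding or scanning the content. The extension set, the function name and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Assumed set of directly executable Windows extensions; adjust to local policy.
EXECUTABLE_EXTS = {"pif", "lnk", "bat", "com", "exe", "scr", "cmd", "vbs"}

# Constructed sample message (not a real capture); "AAAA" stands in for file content.
SAMPLE = (
    "Subject: report\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "See attached.\r\n"
    "--b1\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Disposition: attachment; filename="report.doc.pif"\r\n'
    "\r\n"
    "AAAA\r\n"
    "--b1\r\n"
    "Content-Type: application/msword\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Disposition: attachment; filename="notes.doc"\r\n'
    "\r\n"
    "AAAA\r\n"
    "--b1--\r\n"
)


def double_extension_attachments(raw: str) -> list[str]:
    """Return attachment names with two or more extensions, the last one executable."""
    msg = email.message_from_string(raw, policy=policy.default)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition filename, or None
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so strip them before splitting.
        pieces = name.strip().rstrip(". ").lower().split(".")
        if len(pieces) >= 3 and pieces[-1] in EXECUTABLE_EXTS:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print(double_extension_attachments(SAMPLE))
```

Because the check reads only the part headers, it works on the MIME-encoded message as delivered, before any attachment is saved or opened.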