Sircam

Computer Worm attacking Windows 95, 98, and Millennium

Sircam
Common name	Sircam
Technical name	W32.Sircam.Worm@mm^[1]
Type	Computer worm
Operating system(s) affected	Windows 95, Windows 98, Windows Me

Sircam is a computer worm that first propagated in 2001 by e-mail in Microsoft Windows systems. It affected computers running Windows 95, Windows 98, and Windows Me (Millennium). It began with one of the following lines of text and had an attachment consisting of the worm's executable with some file from the infected computer appended:

I send you this file in order to have your advice
I hope you like the file that I sent you

I hope you can help me with this file that I send
This is the file with the information you ask for
Te mando este archivo para que me des tu punto de vista^[2] (in Spanish)
Espero te guste este archivo que te mando
Espero me puedas ayudar con el archivo que te mando
Este es el archivo con la informacion que me pediste

Due to an error in the worm, the message was rarely sent in any form other than "I send you this file in order to have your advice." This subsequently became an in-joke among those who were using the Internet at the time, and were spammed with e-mails containing this string sent by the worm.

Sircam was notable during its outbreak for the way it distributed itself. Document files (usually .doc or .xls) on the infected computer were chosen at random, infected with the virus and emailed out to email addresses in the host's address book. Opening the infected file resulted in infection of the target computer. During the outbreak, many personal or private files were emailed to people who otherwise should not have received them.

It could also spread via open shares on a network. Sircam scanned the network for computers with shared drives and copied itself to a machine with an open (non-password protected) drive or directory. A simple RPC (Remote Procedure Call) was then executed to start the process on the target machine, usually unknown to the owner of the now-compromised computer.

Over a year after the initial 2001 outbreak, Sircam was still in the top 10 on virus charts.

References

^ "W32.Sircam.Worm@mm". Symantec. Archived from the original on 2010-12-05. Retrieved 2010-11-24.
^ "Win32/SirCam". ESET. Archived from the original on 2013-04-09. Retrieved 2013-02-09.

Hacking in the 2000s

← 1990s

Timeline

2010s →

Incidents

2004	Titan Rain (2003–2006) Operation Firewall
2005	Sony BMG copy protection rootkit scandal
2007	Cyberattacks on Estonia Operation: Bot Roast
2008	Project Chanology Cyberattacks on Georgia Sarah Palin email hack US military cyberattack
2009	Operation Troy Operation Aurora (findings published in 2010) WebcamGate (2008–2010)

Groups

Anonymous
- associated events
Avalanche
GNAA
0x1fe
GhostNet
PLA Unit 61398
RBN
ShadowCrew
TeamLoosh
World of Hell
Sandworm

Individuals

Darknets

Bluehell IRC

Hacking forums

ryan1918
unkn0wn.eu
darksun.ws

Vulnerabilities
discovered

Malware

2000	ILOVEYOU Pikachu
2001	Anna Kournikova Code Red Nimda Klez
2002	Simile
2003	SQL Slammer Welchia Sobig Gruel Graybird Blaster
2004	Bagle NetSky Sasser Mydoom
2005	PGPCoder Samy Sony rootkit
2006	Rustock ZLOB Stration
2007	Storm ZeuS Black Energy 1
2008	Asprox Agent.btz Mariposa
2009	Conficker Koobface Waledac