Questions/Comments? We're here to help: (866) 267-4638

Major New Virus Outbreak Threatens Internet Users

July 26, 2001

For Immediate Release
Contact: Chris Owen - (316) 858-3000

Two new internet worms are currently on the loose and are set to cause major damage to the computers of those infected by them. One of the worms, the Magistr virus, was discovered in March but recently massively accelerated its spread. The other, the SirCamm virus, was only discovered in the past two weeks. Both of these virus injection programs spread via email and have the potential to cause major damage to infected computers.

Hubris Communications scans all incoming email for its customers for these types of email-transmitted virus programs and during the last week has seen a massive increase in the number of messages bound for its customers that are infected with these two destructive worms. During a "normal" week, Hubris Communications normally blocks several hundred messages with a total volume of approximately 50 megabytes. However, during the first 4 days of this week it has blocked over 4,000 messages with a total volume of over 500 megabytes. At that pace, this week will see an increase of nearly 1500% in volume of these type of emails.

Both of these virus injection programs are particularly dangerous both in the way they spread and because of the damage they can do. Initially both worms will spread from an infected computer via email to other computers. Unlike past worms which have emailed themselves primarily to addresses in the address book of an infected computer, the Magistr and SirCamm worms will also scan the computer for email addresses in such locations as sent mail folders, incoming mail and even the computers web browser cache that stores web pages a person using the computer has previously visited. Once a list of addresses is obtained, the worm will begin infecting personal documents it finds on the computer and email those documents to these email addresses. In the case of Magistr the subject of the email as well as the body of the message contain content taken from these personal documents.

The impact of this method of spreading itself means that any personal document on a computer infected is at risk of being emailed to any email address the worm can find on a hard drive. That means lawyers sending private correspondence to other clients or opposing counsel, companies sending private internal documents to customers and competitors and many other potentially embarrassing or damaging situations.

Once a persons computer has been infected for a certain period of time (30 days in the case of Magistr), the worm will then begin to harm files on the infected computer. These actions include delete and overwriting files, erasing global configuration data and in some cases even making entire hard drives unreadable.

Because of the method by which these worms spread, the risk for widespread problems is great. Since these documents are generally coming from someone that the person receiving them knows and because the content of the messages is personalized from each sender, the person receiving the worm is much more likely to infect themselves by trying to read the document. Also because the real damage from the worm isnt inflicted until after 30 days most people who have the worm (and are spreading it) do not even know they have been infected. By the time they begin to notice the damage they could have sent the worm to hundreds or thousands of other individuals that they correspond with. People sending infected emails to Hubris Communications customers are notified that their email was infected and that it was stopped before it was delivered. However, in most cases, the senders had no idea there was a problem before this notification.

Because most internet service providers do not scan emails for these type of destructive worms, most are unaware of the scope of the problem. Both of these worms have received very little coverage in the press despite the fact that they are spreading rampantly have the potential for massive destruction when the payloads they carry are triggered in 30 days.

Any consumer using a Microsoft Windows based computer is at risk from both these worms. However, there are thing that can be done to help protect these computers:

  1. Install a virus scanning software package on every computer connected to the internet.
  2. Make sure virus scanning software is updated at least weekly (the SirCamm worm was only discovered in the last 8 days and is currently the fastest spreading).
  3. Avoid using Microsoft Outlook or Outlook Express as an email client. Most of these type of worms use Outlook exclusively in order to spread themselves. Using a third party email client like Eudora will prevent the spread of a worm even if a computer is infected.
  4. Use a internet service provider that scans for these type of emails. Providers who do so have the advantage of updating their virus scanning software nightly and can prevent infected files from ever being delivered to a customers computer in the first place.

For more information on the Magistr and SirCamm worms, see:

http://www.symantec.com/avcenter/venc/data/w32.magistr.24876@mm.html

http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

For more information about Hubris Communications, email hubris@hubris.net, call 858-3000 or visit their web site at www.hubris.net.

Back to Top