We received three emails containing this virus from the same person (one of our suppliers). According to the "Trend Virus Report" newsletter, it is the TROJ_SIRCAM.A virus, and is spread as an email with random headings. The headings we got were:

"Account Adjustment Form"
"Information Systems quote - subway revised #1"
"Dan Costello Mr goodcents quote"

Fortunately, I recognized this as a virus before I opened the attachment. The latest Norton Anti-Virus files detected the attachments as viruses. I didn't have the latest virus definition files when the email messages came in, and they weren't recognized. Since they were from someone we do business with, and the titles (at least on one or two of them) were reasonable, I might have opened the attachments if I weren't highly suspicious of email attachments. I got the latest Norton update and scanned them, and Norton took care of them.

The "Trend Virus Report" link for this is:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A

At 07:12 AM 7/25/2001, you wrote:
>Sorry James if this is the wrong topic tag. I send an original message (as
>opposed to a reply) only a few times a year, so I forget the details and I'm
>not on line right now.
>
>I just received two messages directly to me with the email address I only
>use on the PIClist. I assume some others probably got them too. These
>messages may contain viruses. Each had an attachment that was named
>.doc.bat. My advice is DON'T OPEN IT! This is one of the
>sneaky ways viruses get into your system. Some people have the setting
>"Don't show file extensions of known file types" enabled, so this will appear
>like a harmless ".doc" file. However it is really a ".bat" file, which can
>do whatever it wants on your computer if you are dumb enough to run it. Of
>course the kind of people that leave known file extensions off already
>flunked the first intelligence test, so they are more likely to invite a
>virus in too.
>
>I looked at the BAT files, and they contained mostly binary, which is even
>more suspicious. Here is the full message with header, up to the
>attachment:
>
>
>Received: from mail.net1plus.com by cognivis.com ; 2001 JUL 24 21:05:45 EDT
>Received: from mta4-rme.xtra.co.nz ([203.96.92.15]) by mail.net1plus.com
>          (Post.Office MTA v3.5.3 release 223 ID# 0-59765U14000L1700S0V35)
>          with ESMTP id com for ;
>          Tue, 24 Jul 2001 18:45:51 -0400
>Received: from PHOENIX ([210.55.124.208]) by mta4-rme.xtra.co.nz with SMTP
>          id <20010724222915.EVUM4145347.mta4-rme.xtra.co.nz@PHOENIX>
>          for ; Wed, 25 Jul 2001 10:29:15 +1200
>From: staff@blueberry.co.nz (Blueberry Country Ltd)
>To: olin_piclist@EMBEDINC.COM
>Subject: Failure on any CONDITITONS OF STORAGE
>date: Wed, 25 Jul 2001 10:37:34 +1200
>MIME-Version: 1.0
>X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
>X-Mailer: Microsoft Outlook Express 5.50.4133.2400
>Content-Type: multipart/mixed;
>boundary="----7E18732A_Outlook_Express_message_boundary"
>Content-Disposition: Multipart message
>Message-Id: <20010724222915.EVUM4145347.mta4-rme.xtra.co.nz@PHOENIX>
>
>------7E18732A_Outlook_Express_message_boundary
>Content-Type: text/plain; charset=ISO-8859-1
>Content-Transfer-Encoding: quoted-printable
>Content-Disposition: message text
>
>Hi! How are you=3F
>
>I send you this file in order to have your advice
>
>See you later=2E Thanks
>
>------7E18732A_Outlook_Express_message_boundary
>Content-Type: application/mixed; name="Failure on any CONDITITONS OF
>STORAGE.doc.bat"
>Content-Transfer-Encoding: base64
>Content-Disposition: attachment; filename="Failure on any CONDITITONS OF
>STORAGE.doc.bat"
>
>
>********************************************************************
>Olin Lathrop, embedded systems consultant in Littleton Massachusetts
>(978) 742-9014, olin@embedinc.com, http://www.embedinc.com
>
>--
>http://www.piclist.com hint: To leave the PICList
>mailto:piclist-unsubscribe-request@mitvma.mit.edu
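
An added example, not part of the original thread or written by either poster: a mail-filter style check for the ".doc.bat" trick described in the quoted message, which reads every attachment name in a raw message and flags an executable extension hiding behind a document extension. The extension sets, function names and the test message are assumptions made for illustration; only the first attachment filename is taken from the quoted mail.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative sets (assumptions, not exhaustive): types Windows runs on
# double-click, and types a reader expects to be passive documents.
EXECUTABLE = {".bat", ".cmd", ".com", ".exe", ".lnk", ".pif", ".scr", ".vbs"}
DECOY = {".doc", ".xls", ".txt", ".pdf", ".jpg", ".gif", ".zip"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Collapse folded whitespace; Win32 strips trailing dots and spaces from names.
    name = " ".join(filename.split()).rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    _, previous = os.path.splitext(stem)
    if last in EXECUTABLE and previous in DECOY:
        return "double-extension"  # shown as ".doc" when known extensions are hidden
    if last in EXECUTABLE:
        return "executable"
    return "ok"

def scan_message(raw_bytes):
    """Parse a raw RFC 822 message and return [(filename, verdict)] for risky parts."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename, else Content-Type name
        filename = part.get_filename()
        if filename and classify(filename) != "ok":
            findings.append((filename, classify(filename)))
    return findings

def build_sample():
    """Constructed test message with placeholder attachment bodies."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("I send you this file in order to have your advice")
    for fname in ("Failure on any CONDITITONS OF STORAGE.doc.bat",
                  "notes.doc", "setup.exe"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {filename}")
```

The check looks only at the declared name, so it complements rather than replaces content scanning with current virus definitions.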