[ Coordinator's note: This is the Sircam virus. It looks for addresses to send itself [ to by looking in the victim's address book, but also looking in the victim's [ internet cache, looking for email addresses on web pages that have been [ visited. [ [ The line "I send you this file in order to have your advice" is a [ dead giveaway, and the attachment should be deleted. If you try to [ open it, you'll be the one sending them as well as receiving them. [ [ While that message is by far the most common, at least in the United States, [ the virus can use several other short messages. Please be careful [ about what you open. [ [ Presumably this victim can't get any more mail because his address has been shut down [ until he can get his computer cleaned, but any of you at med.penn.edu who know [ him might want to check up and make sure he's gotten the word. [ [ Steve I send this out in case others are receiving the same messages. Over the last couple of days I've received several messages from 'Sandeep Vansal' whose return e-mail address is indicated as 'svansal@mail.med.upenn.edu' , but trying to reply you get a 'following address had permanent fatal errors, reason: can't create (user) output file'. The e-mail subject lines have been variously: 'Resig-AJ' 'Immuno-404' 'protein assay 4-20-00' The e-mail always has an attachment indicated which I haven't opened for obvious reasons. The message is always: "Hi! How are you? I send you this file inorder to have your advice. See you later. Thanks." To my knowledge I don't know a 'Sandeep Vansal' (but at my age, I could easily have forgotten perhaps a past acquaintance!). I searched the U. Penn site for this name and found no trace. It's probably nothing, but you never know. Ray Hester rhester@jaguar1.usouthal.edu
This archive was generated by hypermail 2b29 : Sun Jan 05 2003 - 19:01:30 EST