FBI Unable to Contain New Computer Virus
WASHINGTON, July 25 (IslamOnline & News Agencies) - The FBI acknowledged Wednesday that its cyber-crime fighting unit was unable to block an e-mail virus sent to one of its computers, and may have even passed it on to others Tuesday as it spread around the globe.
According to a statement, a computer within the FBI's National Infrastructure Protection Center (NIPC) was infected Tuesday with the SirCam e-mail virus, a "worm" that replicates itself and sends copies to others.
"The infection occurred even though the user was running the latest version of commercially available virus-scanning software," the FBI statement said.
"Upon discovery of the infection, the NIPC immediately implemented incident handling procedures to contain the worm but not before the infected computer had sent e-mails to those in the user's Windows address book."
An FBI spokesman declined to elaborate on the statement or say how many e-mail copies of the virus had been sent out by the FBI center. But the mistake was particularly embarrassing because it occurred ahead of a U.S. Senate Judiciary panel's oversight hearing about the FBI cyber-unit's effectiveness.
The FBI statement said the NIPC was notifying the inadvertent e-mail recipients of the slip and had referred the matter to the FBI's Washington field office for investigation.
The e-mail comes with a randomly generated subject line, with a message starting with "Hi! How are you?"
It sometimes includes sentences such as "I send you this file in order to have your advice."
According to CNN reports, once a computer is infected with SirCam, the virus creates a list of files with extensions such as .DOC and .JPG that are located in the user's "My Documents" folder. The virus then sends copies of itself to users in the victim's address book, including one of those files chosen at random. However, the virus does not seem to delete files.
Wired News now reports that it appears that SirCam randomly selects e-mail recipients off lists and sends only a dozen or so copies of itself out with every new infection through its own Simple Mail Transfer Protocol (SMTP) engine.
When SirCam is run, it copies itself to the Recycle Bin, sets up a directory called 'c:\recycled\SirC32.exe' and appears as 'SCam32.exe' in the Windows system directory. This way the worm's activity is disguised, CNN added last Friday.
Some versions of the virus, which is believed to have been written by a sophisticated computer programmer in Mexico, also appear in Spanish.
Network Associates was among the numerous anti-virus firms that ranked the virus as "high risk," saying it can overload networks with e-mails.
Symantec, an anti-virus firm, initially categorized its warning level at 3 on a scale of 1 to 5, but raised it to 4 Thursday. Others initially designated it as a "medium" risk. Late Monday evening, it moved up from its weeklong moderate-threat rating.
Reports earlier this week stated that SirCam was not nearly as dangerous as earlier notorious viruses such as "IloveYou" and "Melissa". However, as of Wednesday, SirCam's intrusiveness and level of sophistication have caused virus analysts to rethink their initial assessments.
Andrew Antipass of Techserv believes that SirCam is far more sophisticated than Melissa, according to Wired News.
"This is the most cleverly constructed virus I have ever seen," Steve Gottwals of F-Secure told Wired News. "Someone put a lot of time and effort and thought into this. And yet all it does is cause trouble. It's really kind of sad."
Wired News also reported that SirCam is now ranked as the top virus threat on all of the antivirus companies' alert lists.
Companies and governments worldwide and in the U.S. have been affected by SirCam, including IslamOnline's Cairo office, which was down for eight hours.
Instructions on how to remove the virus can be located at any of the major anti-virus software websites.