SirCam worm still a serious threat

Almost seven weeks after it started spreading, the SirCam worm is still topping the watch lists of almost every antivirus company. Market analyst Computer Economics estimates that by the end of August, SirCam had infected 2.3 million computers and caused $1 billion in damages related to cleaning infected systems and to lost productivity. Although antivirus companies have released updates so that their scanning software can detect SirCam, the worm shows no sign of abating. The problem is that so many average Joes continue to spread the infectious code because they are naive about the risks on the Internet and haven't updated their antivirus software, said Vincent Weafer, senior director of Symantec's antivirus research center. That's a concept that a hefty number of home PC users don't understand. In an online study, Symantec found that almost four out of 10 computer users either didn't have antivirus software installed or have never updated the software that came with their computer. The worm, discovered in mid-July, spreads in e-mail using tactics that are somewhat familiar. Arriving in a message apparently sent by a friend, the worm activates when the attachment is opened. The program infects the victim's computer, grabs a file from the "My Documents" folder, infects it, and sends the infected file to contacts in the computer's Microsoft Outlook address book. The worm also harvests e-mail addresses from Web pages temporarily stored in the computer's Internet cache. MessageLabs, which filters out malicious e-mail attachments detected in messages from the Internet, has discovered 20,000 copies of SirCam since the start of September. The worm has no competition for the top slot on the company's all-time list of commonly intercepted attachments: At 263,000 total copies and counting, SirCam easily beats out Magistr.A, which has infected almost 93,000 computers since the beginning of June.