It seems there's a new virus out there and it's not a hoax. It's called sircam32 (or a similar variation) and is a bit more clever than your regular virus in that in addition to harvesting its addresses from your windows address book, it searches your temporary internet files for email addresses and uses them too.

So, anyone with a website is in dnager of receiving this virus. I received 30 copies of it so far today, and one poor guys in AWW had it 421 times yesterday. If you just delete it your fine, but I have the following question :

This virus always comes with an attachment of approximately 200k. If I received it 421 times (which luckily I didn't) that's a couple of GB per month just in virus attachments. So, when is the email traffic measured. If someone sends me a 200k email, is it measured when it hits my server, when I download it, or both (which would make it 200k and 200k out, thus 400k I am charged for?).

So if there is some way of blocking it, would this prevent me from losing data transfer to this virus every month?

There's a lot of info about it (and a cure) at
http://www.europe.f-secure.com/v-descs/sircam.shtml

Not sure about blocking it I'm afraid...

One suggestion though might be to use a webmail system if you host offers it... That way you don't have to download the attachment and reduce your bandwidth quota by that...

In the mean time you'd better pray you don't get some of the more colourful copies which could include anywhere from a couple of Mb plus... The virus seems to copy data from the My Documents folder and mail it on in an attempt to camouflage itself...

Hope that helps some anyways...

ive got that in my email twice so far.

I've received it several times to a couple of different e-mail addresses of mine, all from people with whom I didn't have previous correspondence. The attachment is always named differently, and I've seen it with a variety of extensions including .bat, .pif, and .com (.com in this case is an old-style MS-DOS executable file, much like .exe). All of them have had the same message body which reads:

Hi! How are you?

I send you this file in order to have your advice

See you later. Thanks

I say all of them have the same message body, but one I received was mysteriously in Spanish (but translated said the same thing). The subject line of the message is the same as the name of the message attachment.

If you're using Norton or another anti-virus program, make sure you download the latest definitions.

Originally posted by IntelligentHosting.com
I've received it several times to a couple of different e-mail addresses of mine, all from people with whom I didn't have previous correspondence....

This is the bit that got me...

I really want to know why there's a whole bunch of people out there with my email address who I've NEVER once spoken to or contacted. Who are they, what were they doing with my email?, etc...

It's almost like the virus has uncovered a bunch of spammers I didn't know the emails for. :eek:

if you go to that article you will see that it looks through your internet cache and gets e-mails from the web-pages too.

Originally posted by SplashHost.com
if you go to that article you will see that it looks through your internet cache and gets e-mails from the web-pages too.

Yep, it reads the temporary internet files, and can send emails to any address found on any of the sites that have been visited.

That is why so many webmasters are getting this.

It even checks to see if your system language is Spanish, and sends a spanish message instead of english.

It changes the subject, the body text, and even the sender, and uses its own smtp server if it can't find one to use.

it's not like we can add senders to our killfiles, because many of them may actually be our clients, or potential clients, and if we block their messages we block potential business.


i think this thing is bigger than we are, and it's not going away any time soon. I have now received it 40 times today.

Do virtual hosts count email traffic as part of site traffic when calculating quotas? Somehow I remember most don't.

George

Guess what, I am receiving about 150 of those e-mails daily for the last 4-5 days, totaling about 50 Megs a day.

I found a way to help me get through this. I found this program which accesses the POP3 server without downloading the messages and lets you preview them. That way I can delete them while they're on the server before downloading. It still wastes valuable bandwidth and time.

Oh well, not much I could do.

Yup, most hosts count e-mail traffic as normal traffic.

Originally posted by webleo
Guess what, I am receiving about 150 of those e-mails daily for the last 4-5 days, totaling about 50 Megs a day.

I found a way to help me get through this. I found this program which accesses the POP3 server without downloading the messages and lets you preview them. That way I can delete them while they're on the server before downloading. It still wastes valuable bandwidth and time.

Oh well, not much I could do.

Sounds like a good idea. What's the program Leo? I wonder if our hosts will have already counted the traffic? I.E, is it counted when it gets sent to our mail server, or when we actually download it to our local computers?

Oh crap. I just spoke to my host, and they tell me data transfer is measured to and from the server. So if this email is 200k, you get charged once when it reaches your mail server, and once when you download it. So that's 400k in all.

Uh oh.

just got this from the norton website

"Due to what appears to be a bug, this worm does not replicate under Windows NT or 2000."

Horoscope, the program is called Mail Preview, you can find it on download.com.

I post the link as well, but in case it doesn't work, you can find it on that website.
http://download.cnet.com/downloads/0-3356720-100-4683489.html?tag=st.dl.10001-103-1.lst-7-3.4683489

Damn, just got the same e-mail again to a different account. Unfortunately, this attachment was 500K instead of the usual 200K :(

Not good :(

-Shawn

Just got it again to a third account, this time it was 800K :( Getting bigger :(

-Shawn

You can check your mailbox before you receive it by going to:

www.mail2web.com
or
www.3wmail.com