stephanie is: confused…
um, is there some virus going around? i have received 7 emails in the past 24 hours with this body message:
Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks
the first 6 were from one person i did not know. the subjects were all “lawleter” and they each had a one meg attachment (that i did not open even though i be mac). they were all named the same thing except for the last 3 letters (lawleter.DOC.pif, lawleter.DOC.lnk, lawleter.DOC.com, lawleter.DOC.bat, and lawleter.DOC.lnk again). 6 megs worth i had to delete off the server.
so just now i get one from someone else with the subject “vetren” and a 217k attachment called “vetren.doc.pif”…. wtf?
it’s real nasty
you’ll find info on it here 🙂
http://www.viruz.com/article.php?sid=83
yep!
I can’t tell you how many times I’ve seen that email both in English and Spanish in our tech support email manager!
m’hmm…
i’ve gotten that damn thing 13 times in the last 3 days…. guh…
me too
I’ve been getting them too, for like a day and a half now, very annoying, always a different subject and file name…
I thought maybe it was some disgruntled webcam fan of mine that I had rejected, but maybe not.
i got it for the first time on friday. it’s been in russia for the better part of last week.
I got it 87 times from the same person. Sigh. Here’s the Symantec page on it.
Yep…
Welcome to the club of dangerous spam… Luckily on Linux and you on MacOs it isn’t dangerous since it is a windows virus….
yes it is
yes it’s a virus! name W32.Sircam, size 150 Kbytes.
after opening it’s installing the following files
‘C:\Recycled\SirC32.exe’
‘C:\Recycled\LoveJoy_.com’
‘C:\Windows\System\Scam32.exe’
‘C:\Windows\Temp\LoveJoy_.com’
the file SirC32.exe is installed to the Registry shell command for .EXE files, so the worm opens after every start of an .EXE file
it’s using the following entry in the Registry:
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\recycled\\SirC32.exe\" \"%1\" %*"
the Scam32.exe is now named in the Registry as “driver” that opens with every system run:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Driver32"="C:\\WINDOWS\\SYSTEM\\SCam32.exe"
SirCam can also write into the Autoexec.bat with the following instruction
@win \recycled\SirC32.exe
and the worm enters a third entry into the registry
[HKEY_LOCAL_MACHINE\Software\SirCam]
if the file scam.exe or SirC32.exe is with the ending .DOC.COM the worm deletes on opening all files that are saved on C:
and it sends itself with its own SMTP engine as a .exe
the addresses are found in your windows address book and in files with the following endings or beginnings: SHO*, GET*, HOT*, *.HTM, *WAB and some more. these email addresses are camouflaged as DLL files in windows. the filename is mostly SCD1.DLL, but the second and third letter may change
the attachment of the email has two filename extensions, like
-> filename.ext1.ext2
the first one (ext1) can be named: DOC, XLS, ZIP, EXE. the second one (ext2) is one of the following extensions: PIF, LNK, BAT, COM.
the name of the attachment (filename.ext1) comes from any file in your “my files” folder
the worm creates a list of all documents with the following endings: .DOC .EXE .GIF .JPG .JPEG .MPEG .MOV .MPG .PDF .XLS .ZIP – and saves them as SCD.DLL in your system directory. if the worm sends itself it searches some filename in this list and renames the following file.
ok that’s what i found out! i hope you do not open the emails … and understand my broken english!!
greetings from germany
jasmin
http://www.jasmin-cam.de
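Added example (not part of the original comment or of any vendor's code): a Python check for the filename.ext1.ext2 attachment names described in the comment above, run over a constructed sample message. The function names and the example.com addresses are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension pairs exactly as listed in the comment: filename.ext1.ext2
DECOY_EXTS = {"doc", "xls", "zip", "exe"}   # ext1: looks like a document
EXEC_EXTS = {"pif", "lnk", "bat", "com"}    # ext2: what Windows actually runs


def is_double_extension(filename):
    """True when the name ends in .<ext1>.<ext2> from the two lists above."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.rstrip(". ").lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXEC_EXTS


def suspicious_attachments(raw_message):
    """Return every attachment filename in a raw message that matches."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return [name for part in msg.walk()
            if (name := part.get_filename()) and is_double_extension(name)]


def build_sample():
    """Constructed test message: one decoy-named attachment, one plain one."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # assumed address
    msg["To"] = "recipient@example.com"     # assumed address
    msg["Subject"] = "lawleter"
    msg.set_content("Hi! How are you?")
    for name in ("lawleter.DOC.pif", "minutes.doc"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_attachments(build_sample()))
```

The check looks only at the last two extensions, so a legitimate name such as report.final.doc is not flagged.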
It’s so nice to have a mac. Less concern about viruses actually wreaking havoc.
i got that email last nite too..i just deleted it cause the file sounded all screwy..and i don’t ever open files from anyone i don’t know.
my company got hit with it pretty bad.
Gah. 12 times today.
I’m getting tired of it.