[Dshield] Re: Dshield digest, Vol 1 #220 - 11 msgs

John Hardin johnh at aproposretail.com
Sat Aug 25 19:14:56 GMT 2001


On Fri, 24 Aug 2001, Susan wrote:

> "Bear in mind that SirCam is also going around, and there's no way 
> to patch the hole it's based on apart from keeping the user well 
> away from the computer... :)"
> CAN THIS BE ELABORATED PLEASE?

A bit of humor.

SirCam is a "Social Engineering" worm. The infection vector is nothing fancy
like a buffer overflow or an unexpected side-effect of an ActiveX control. It
just gets executed by a user who has been tricked into executing it by the
"From" address and the text content of the message: "Please take a look at this
and give me your advice."

Hence the way to patch the hole SirCam exploits is to keep the user well away
from the keyboard and mouse until they are educated in safe practices w/r/t
email attachments and have a properly skeptical (paranoid?) attitude.

--
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192



