Since first being reported last Tuesday, the W32.Sircam.worm computer virus has been infecting computers across the world and spreading rapidly.
The dissemination of the worm has occurred so quickly that antivirus vendor Symantec today upgraded its security warning about the virus, giving it a Category 4 'severe' rating, up from a Category 3 'moderate' level on a scale of 1 to 5. Even the PC Advisor office has been affected.
The Sircam worm carries an executable file that, if opened, sets off an attack on the recipient's PC. The damage can include the deletion of all files and directories on the main hard drive and system performance degradation as hard drive space is filled by errant code carried by the worm, according to Symantec's Antivirus Research Center [sic] in California.
The worm takes a random document from the infected PC and uses that file's name in the subject line of emails it then sends to people in the victim's address lists. This provides a trojan effect, because there isn't a standard attachment name to look for.
It's curiosity that keeps viruses in circulation. Pete Lindstrom, a security analyst at Hurwitz Group, said the worm is spreading because no matter how many times people are told not to open emailed executable file attachments from senders they don't know, curious recipients open the attachments, allowing viruses to infect their machines and networks.
"There's too much cutesie-wootsie stuff out there" that email recipients want to check out, Lindstrom said. "The lesson here is you can't expect users to learn. There's too much fun going on out there on the internet."
Instead, he said, the onus for protecting against such attacks should increasingly be placed on system email administrators, who can do more to protect users from their own curiosity.
"If email administrators aren't stopping it at the gateway [by plugging known security holes or using software that can detect and defend against such attacks] then it's dereliction of duty on the email administrator's side," Lindstrom said.
Ken Dunham, an analyst with SecurityPortal.com/Atomic Tangerine in California, said the worm is particularly dangerous to corporate networks because it replicates quickly and can clog servers with outgoing mail. "It can cause a denial of service (DoS) or distributed DoS attack," he said. "You can run into real problems with that."
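The following Python example is added here for illustration and is not from the original article or from any vendor's product. It shows the kind of gateway check discussed above: because the attachment name changes with every message, it inspects each attachment's extension and leading bytes rather than matching a known filename. The extension list, function names and sample messages are assumptions constructed for the example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed site policy: extensions a Windows host will run directly.
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".bat", ".scr", ".lnk", ".cmd"}

def risky_attachments(raw: bytes):
    """Return (filename, reason) for each attachment a gateway should quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        # Content check first: a document-looking name can still carry a
        # DOS/PE executable, which always begins with the bytes "MZ".
        if payload[:2] == b"MZ":
            findings.append((name, "PE/DOS executable header"))
        elif ext in EXECUTABLE_EXTS:
            findings.append((name, "executable extension " + ext))
    return findings

def build_sample(filename: str, data: bytes) -> bytes:
    """Build a constructed test message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"] = "colleague@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = os.path.splitext(filename)[0]  # subject mirrors the file name
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [
        ("Quarterly_Report.doc", b"MZ\x90\x00" + b"\x00" * 60),      # executable content
        ("Budget.xls", b"\xd0\xcf\x11\xe0" + b"\x00" * 60),          # ordinary OLE document
        ("notes.bat", b"@echo off\r\n"),                             # script by extension
    ]
    for fname, data in samples:
        print(fname, "->", risky_attachments(build_sample(fname, data)) or "deliver")
```

A filter like this keys on what the attachment is rather than what it is called, so a per-message random filename does not help the sender evade it.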