SirCan 32 : Malicious Worm Crumples System

FTLComm - Tisdale - Wednesday, July 25, 2001
Vast numbers of business users in North America and around the world use Microsoft's Outlook as their e-mail application. The widespread use of a single e-mail application has left a door open for a miserable and really costly worm to infect a network and as of this time (2:30 Wednesday afternoon) the world's computer network, the Internet.

This piece of software is called SirCan32 and seems to have come from Mexico, it was first noticed causing problems on Monday and unlike other worms of its type like the "I LOVE YOU" bug that cause chaos this one travels slower but is much more troublesome. Last night businesses in Winnipeg felt the affect of SirCan as Advance Electronics began receiving in its e-mail system e-mail with rather ordinary looking attachments. No doubt other businesses were affected but we talked to the network administrator at Advance who set to work protecting his system and like most systems, proper protection and awareness can thwart a bug like this one.

The bug is received as e-mail and will come from a friend, someone you know and the attachment will look plausible. When you open it the worm copies itself and begins selecting material from your hard drive which it then e-mails to everyone on your address book, provided you are using Outlook. This is what happened yesterday to the FBI in Washington as confidential and sensitive documents began making their way out into the world.

The bug can search through a network and can attach itself to files which might ordinarily be sent as attachment thus moving to other targets. The net result is vast amounts of e-mail are flowing into the Internet. On Monday most experts thought it was a concern by today they know it is a real problem.

In Regina the SMTP email server bit the dust this morning unable to move e-mail out bound. The volume of e-mail being sent is enormous actually slowing all operations on the Internet but to folks using dial up connections as in most of rural Saskatchewan people could simply not log on to the Internet as it was clogged with massive e-mail downloads filling up the system.

This has meant that even if you do not use Outlook or a PC computer as this bug does not seem to affect Macintosh comptuers, you are still in trouble as the system itself is under serious attack.

With the momentum this bug has developed many worry that it will raise serious problems for Europe as it begins to infect that region today. However, there is a good chance this one may produce some long term problems as it does not go away quickly and has the ability to hide well enough to make it unseen for some days so that many will assume they were not affected and the cascading affects will continue well into the weekend.