lesson banner

Sir WHAT???
by sandy feet

Hi! How are you?
I send you this file in order to have your advice
See you later. Thanks.

It started off as a slow trickle - half a dozen e-mails in my inbox, all featuring the same message, but from different sources. The files these messages dropped into my attachments folder had innocuous-enough sounding names: policies.doc.lnk, venderinfo.doc.pif, x-mas.zip.bat, etc*. ) -- though the double extensions suggested something might be amiss...

I was in Amsterdam at the time (more on that trip next week). Having finally found a net cafe that would let me plug in my laptop, I was trying to download over a week's worth of e-mail (over 600 messages!) when that trickle started. The suspect files were transferred to a "I'll deal with this later" folder and then forgotten. I had lots more fun things to do in Amsterdam then mess with e-mail, of course.

Back in my office on my desktop machine, expecting only two days worth of mail, I discovered that the trickle had grown to a flow - over 100 identical messages, many from local businesses and all containing files that I could tell had no business being on my hard drive. A little research on the web soon convinced me that I was being mail-bombed by computers infected with the "SirCam Worm." A worm is not exactly the same thing as a virus, but for the purposes of this column, let's call it that. It's particularly nasty because once it infects one computer, it will also infect all networked computers, making businesses especially susceptible. The whole network must be shut down and all traces of the worm removed or the the system will become re-infected.

This worm contains it's own e-mail capabilities, and goes merrily on its way, spewing random files from your hard drive at people in your e-mail address book. In this way, I have found out that my e-mail address is in a LOT of address books. Over the past few days, the flow has erupted into a flood -- as many as 150 in one hour! finally forcing me into learning a new trick with my e-mail client: a handy little gizmo called a filter.

At any rate, as a Mac user I never had anything to fear from this little worm. It, like MOST other viruses, is aimed at all you Windoze users. (Since there are so many more of you, you of course present a much more tempting target.) But from the looks of where these files are coming from, a good many Island computers were hit, and the in-house techies will likely still be mopping up the mess as you read this column. There is some indication that any infected computers that are not cleaned up by mid-October are at risk of having all their data wiped by this worm.

So how can you prevent infections like this in the future? 1. Switch to a Mac! (I know.... you just knew I was going to say that.) 2. Invest in anti-virus protection and use it! 3. Never open files with double extensions, and never open files with any of the following extensions: .exe, .com, .bat, .shs, .hta, .vbs, .vbe, .pif, .js, or .je

Next week: Back to my favorite topic (sand sculpture, of course!) with the whole story on my recent 1st place victory in Italy... ciao for niao!


* though "enemalyrics.doc.lnk" sure made me curious


There are five (5) ways to submit your questions/comments for future Ask Sandy columns: In person; by phone (761-6222) or fax (761-8930); the US Postal System (box 2694,spi,78597) and E-mail: (sandyfeet@unlitter.com). Visit my web-site (http://spionline.com/) for tips on sandcastling, contest info, recent Ask Sandy columns, and my reviews of local businesses.

See some more sandy feet columns

sandyfeetyangfeet


south padre island on line