Sircam worm unlikely to hit hard

October 12, 2001 Sophos Press Release

Nimda virus was Sircam's worst enemy, says Sophos Anti-Virus

Sophos, a world leader in corporate anti-virus protection, today responded to warnings in the media that the infamous Sircam worm could wipe data from millions of computers on Tuesday.

The Sircam worm, which first appeared in July, has been programmed with a 1 in 20 chance to delete all files on infected computers' hard drives on October 16th. However, Sophos researchers have found that because of a bug in the virus author's code this payload is unlikely to activate. Since the Sircam worm emerged businesses have also been hit hard by the fast-spreading Nimda virus which appeared in September.

"Because the Nimda virus outbreak was so furious around the world, most companies and individuals have now updated their anti-virus protection," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "In doing so they have also ensured they are protected against Sircam. In many ways the author of Sircam must be rueing the day Nimda was released."

Sophos notes that despite Sircam additionally being programmed with a 1 in 50 payload of filling up hard drives with a junk message about Mexico on ANY day of the year, very few customers have reported this happening on their computer.

Sophos originally issued protection against the Sircam worm on July 18 2001. Sophos recommends users follow safe computing guidelines and ensure their anti-virus software is kept up to date.