What is an Internet Worm?

Share the knowledge

An Internet worm is a type of computer virus that can do everything form slow your computer down to a crawl to completely destroying files and disabling software. One of the most famous Internet worms is the I-Worm. The I-Worm or “I-Worm Rays” is a highly contagious and destructive computer virus. It can completely destroy your files or slow your computer down to near crippling levels. All a user has to do is open an infected email and the worm will begin doing its dirty work.

According to bitdfender (www.bitdefender.com), I-Worm or I-Worm Rays, also called I-Worm.Sircam.A and I-Worm.Magistr.A is an Internet and network worm similar to I-Worm.Magistr.A. The virus spreads through e-mail using its own SMTP routine, sending itself to addresses from the Address Book and from cache or through the shared directories.

Bitdefender also says, the virus is transmitted through a message with a randomly chosen subject and body, in the form of a combination between the virus infection routine and a file chosen randomly from My Documents. The original name of the file is kept, but an executable extension is added (.pif, .exe, .lnk). Users who do not have the option to see attachment extensions activated, will only see the original extension and can be easily fooled.

The symptoms of I-Worm include the presence of any of the registry keys or files mentioned in the technical description. Here is an example of an email message carrying the virus:

Subject: Document file name (without extension)
From: [us**********************@pr*****.mx]
To: [ra****@em***.book]

Hi! How are you?
I send you this file in order to have your advice


I hope you can help me with this file that I send
I hope you like the file that I send you
This is the file with the information that you ask for

See you later! Thanks

or, in Spanish:

Subject: Document file name (without extension)
From: [us**********************@pr*****.mx]
To: [ra****@em***.book]

Hola como estas ?
Te mando este archivo para que me des tu punto de vista


Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es el archivo con la informacion que me pediste

Nos vemos pronto, gracias.

If the attachment is opened, the worm copies itself in the system directory under the name scam32.exe. It also copies itself into the directory “Recycled” under the name sirc32.exe, which is a hidden file. Then the virus creates the following three keys in the Windows Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

with the value Driver32 = %System%\scam32.exe to be accessed when Windows starts, and:


with the value C:\Recycled\sirc32.exe “%1″ %*” for the routine infection to be executed before any other EXE file.

If the virus finds network shared directories, it will try to copy itself into the local Windows directory under the name rundll32.exe. The original file is renamed as run32.exe. If the worm succeeds, it will modify the autoexec.bat file by introducing a new line which will allow it to execute the file previously saved in the Windows directory.

As a “signature” the author added the following strings in the virus in an encrypted form:
[SirCam Version 1.0 Copyright 2001 2rP Made in / Hecho en – Cuitzeo, Michoacan Mexico]

Destructive Actions by Bitdefender.com

It sends randomly, as attachment with the viral code, one of the infected system files at the e-mail addresses from the Address Book. On a random algorithm (one in 20 infected systems), it deletes all files and directories on the root directory C:\. This happens on Oct. 16 of every year, on the systems using the D/M/Y format for standard date. If the attached file (that generated the infection) contains FA2 without being followed by sc, this destructive action happens regardless of date format.

It slows system performances in one of 50 cases, multiplying a .txt file c:\recycled\sircam.sys. I-Worm.Sircam.A sends confidential information too: it might chose one of your extremely confidential files to attach to its viral code and send to your contacts from the Address Book.

To download the I-Worm removal tool, please visit bitdefender at www.bitdefender.com. Just follow the link to go directly to the removal tool and information about the I-Worm.

Sources: All information for this article was provided by Bitdefender.com.


All About Worms is always free, always reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP Publishing.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Note: Some links on this site are partner links. That means that we earn a tiny bit if you purchase something through them, at no extra charge to you. This helps offset the cost of keeping this resource free for everybody (it doesn't cover our costs, but every little bit helps! :~) )

Share the knowledge

Author: The Top Worm

Leave a Reply

Your email address will not be published. Required fields are marked *