|Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
|May the source be with you, but remember the KISS principle ;-)|
Copyright: Dr. Nikolai Bezroukov 1994-2013. Unpublished notes. Version 0.80.October, 2013
Contents : Foreword : Ch01 : Ch02 : Ch03 : Ch04 : Ch05 : Ch06 : Ch07 : Ch08 : Ch09 : Ch10 : Ch11 : Ch12 : Ch13
Chapter 7: Network worms
All information below was collected on Sunday, June 22, 2001. The preface was updated later, but AV description were not. This is important to recreate historical truth about the quality of coverage by AV vendors.
***** Symantec misses some facts provided by Kaspersky description (see below), but get most facts rights and also provide an important information that can be found nowhere else. For example Symantec was one of the few AV vendors that provided information about how worm uses registry keys can help to determine the extent of the damage. Later they even provided a small downloadable free disinfector for home users. The most important omission is that they hide the fact the worm cannot send any e-mail on Win2000 (and Win NT) systems due to a flaw in the code. They also provided information about Scmx32.exe and office.exe Startup folder:
7. There is a 1 in 33 chance that the following actions will occur:
- The worm copies itself from C:\Recycled\Sirc32.exe to %Windows%\Scmx32.exe
- The worm copies itself as "Microsoft Internet Office.exe" to the folder referred to by the registry key
**** I-Worm.Sircam, virus description [VirusList.com®] It looks like this time Kaspersky provides a quality information, but it misses the content of registry keys.
*** F-secure info is decent, but lucks both depth and clarity (They improve is as of July 24).
** Sophos article Sircam - are you protected Sophos information is weak
* McAfee.com - W32-SirCam@MM Help Center Initial McAfee coverage was very weak Later it was substantially improved and as of July 27 is compatative with Symantac and Kasperski. Still the list of documents that the worm send out is wrong.
- Nikolai Bezroukov
This is a dangerous worm that spreads via the Internet and local network. The worm itself is a Windows application written in Delphi about 130K in size. While spreading, the worm may append to its file an additional DOC, XLS, ZIP and other files (see below), so the attached file length can be more than 130K.
Upon being executed (by a clicking on the attached file for instance), it installs itself into the system, then sends infected messages (with its attached copy), infects local network computers (if there are drives shared for full access), and depending on system date, runs its payload routine.
The worm sends itself from infected machines as an attached file with a variable name and double extension:
where "ext1" can be one of the following variants: DOC, XLS, ZIP, or EXE.
The worm from the following variants randomly selects the "ext2" extension: PIF, LNK, BAT, COM. For example:
The "filename.ext1" comes from the original files that are located on an infected machine. The worm looks for a "ext1" file on a machine and obtains its name as an attach name. The worm then obtains the file contents and appends them to itself, and sends the result. So the infected files that are sent out of an infected machine contain two parts: 1: the worm's EXE code; 2: appended extra data that are a randomly selected DOC/XLS/ZIP/EXE file from an infected machine. This appended file is then used by the worm to disguise its activity (see below).
As a side effect such an "appended file" spreading method may cause confidential info disclosure.
The worm message Subject is "filename" as above (exactly the "filename" of the attached file).
The Body can be in two languages: English and Spanish. The first and last lines of the message body are always the same:
first line: Hi! How are you? Hola como estas ? last line: See you later. Thanks Nos vemos pronto, gracias.
The variants of text between these lines are:
I send you this file in order to have your advice
I hope you can help me with this file that I send
I hope you like the file that I send to you
This is the file with the information that you ask for
Te mando este archivo para que me des tu punto de vista
Espero me puedas ayudar con el archivo que te mando
Espero te guste este archivo que te mando
Este es el archivo con la informaciСn que me pediste
The worm obtains a victim's e-mail addresses by scanning files that may contain them: SHO*, GET*, HOT*, *.HTM, *WAB, and some others. The result of the search is then stored by the worm in fake DLL files in a system directory:
SCD.DLL file contains list of "ext1" files
SCH1.DLL, SCI1.DLL files contain a list of e-mail addresses located in scanned files.
There can also be SCT1.DLL and SCY1.DLL files found in a system directory, the worm stores additional data there.
Installation to System
The worm copies itself to:
- \RECYCLED directory on a Windows drive with the SirC32.exe name, for example:
- Windows system directory with the SCam32.exe name.
- Windows directory with the ScMx32.exe name.
- Windows start-up directory with the "Microsoft Internet Office.exe" name.
Note that not all these steps are performed by the worm upon the first start-up - some of the files are created there depending on different conditions.
The attributes of all these files are then set to "Hidden".
Two first files then are registered in the system-registry auto-run keys:
══Driver32 = %windows system directory%\SCam32.exe
The worm then extracts an appended "decoy" file (see above) to the Windows TEMP directory, with the "decoy" file having the "filename.ext1" name. The worm then opens this file with WINWORD.EXE or WORDPAD.EXE, EXCEL.EXE, WINZIP.EXE depending on "ext1".
The worm also creates additional registry keys and stores its internal data in here, with the name of the key being HKLM\SOFTWARE\SirCam.
To spread over a local network, the worm enumerates all network resources (obtains all shared directories on remote machines), and then copies itself to here. If there is a "\recycled" directory in the victim's shared directory, the worm copies itself to this directory with the SirC32.exe name:
The worm then appends to the end of the AUTOEXEC.BAT file the following command:
If there is a "\Windows" directory, the worm renames the RUNDLL32.EXE file to the RUN32.EXE name, and then overwrites the original RUNDLL32.EXE with its own copy.
The worm then sets hidden attributes to its copies.
Depending on the system date and time, the worm in one case out of 20, randomly deletes all files in the Windows directory and removes all directories contained here.
Upon each start-up in one case out of 50, the worm randomly creates a SirCam.Sys file in the root of the current drive and writes one of following texts there:
[SirCam Version 1.0 Copyright ╘ 2001 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico]
It appears to be that the worm writes these texts many times to fill free disk space.
These strings (as well as most of the other text stings) are encrypted in the worm's body.
SARC Write-up - W32.Sircam.Worm@mm
It creates copies of itself as %TEMP%\<File name> and C:\Recycled\<file
name>, which contain the attached document. This document is then launched
using the program registered to handle the specific file type (For example, if
it is saved as a file with the .doc extension, it will run using Microsoft
Word or Wordpad. A file with the .xls extension will open in Excel, and one
with the .zip extension will open in you default zip program such as WinZip.)
NOTE: The term %TEMP% is the Temp variable, and means that the worm will save itself to the Windows Temp folder, whatever its location. The default is C:\Windows\Temp.
2. It copies itself to C:\Recycled\Sirc32.exe and %System%\Scam32.exe.
NOTE: %System% is also a variable. The worm will locate the \System folder (by default this is C:\Windows\System) and copy itself to that location.
3. It adds the value
to the registry key
4. It creates the registry key
with the following values:
5. The (Default) value of the registry key
is set to
C:\recycled\sirc32.exe "%1" %*"
This enables the worm to execute itself any time that an .exe file is run.
6. The worm is network aware, and it will enumerate the network resources to infect shared systems. If any are found, it will do the following:
7. There is a 1 in 33 chance that the following actions will occur:
8. If this first payload activates, the file C:\recycled\Sircam.sys is created and filled with text until there is no remaining disk space. The text is one of two strings:
9. There is a 1 in 20 chance that on October 16th of any year, the worm
will recursively delete all files and folders on the C drive:
This payload functions only on computers which use the date format D/M/Y (as opposed to M/D/Y or similar formats).
10. The worm contains its own SMTP server which is used for the email routine. It obtains email addresses through two different methods:
11. It searches the folders referred to by the registry keys
for files of type .doc, .xls, .zip, and .exe. If it finds a match, the corresponding file will be appended to the worm's original executable and this new file will be sent as the email attachment.
12. After 8000 executions, the worm will stop running.
To remove this worm, you must:
- Delete any files detected as W32.Sircam.Worm@mm.
- Empty the Recycle bin to delete Sircam.sys (if it exists).
- Remove the entry that it made to the Autoexec.bat file
- Revert the change that it made to the registry key HKEY_CLASSES_ROOT\exefile\shell\open\command
See the sections that follow for detailed instructions.
NOTE: If you are on a network, or have a full time connection to the Internet, disconnect the computer from the network and the Internet. Follow the removal procedure on all computers, including the server. Disable or password protect file sharing before reconnecting computers to the network or to the internet.
To remove the worm:
1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.
3. Delete any files detected as W32.Sircam.Worm@mm.]
To empty the Recycle Bin:
Right-click on the Recycle Bin and then click Empty Recycle Bin. You can also use Windows Explorer to delete the file C:\recycled\Sircam.sys if it is present.
To edit the Autoexec.bat file:
1. Click Start, and click Run.
2. Type the following, and then click OK.
The MS-DOS Editor opens.
3. Remove the line "@win \recycled\sirc32.exe" if it is present.
4. Click File and then click Save.
5. Exit the MS-DOS Editor
To edit the registry:
The worm modifies the registry such that an infected file is executed every time that you to run a .exe file. Follow these instructions to fix this.
Copy Regedit.exe to Regedit.com:
1. Do one of the following, depending on which operating system you are running:
- Windows 95/98 users: Click Start, point to Programs, and click MS-DOS Prompt.
- Windows NT/2000 users:
1. Click Start, and click Run.
2. Click Browse, and browse to the \Winnt\system32 folder.
3. Double-click the Command.com file, and then click OK.
1. Type copy regedit.exe regedit.com and press Enter.
2. Type start regedit.com and press Enter.
3. Proceed to the section "To edit the registry and remove keys and changes made by the worm" only after you have accomplished the previous steps.
NOTE: This will open Registry Editor in front of the DOS window. After you finish editing the registry and have closed Registry Editor, close the DOS window.
To edit the registry and remove keys and changes made by the worm:
CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry can result in permanent data loss or corrupted files. Please make sure you modify only the keys specified in this document. For more information about how to back up the registry, please read How to back up the Windows registry before proceeding with the following steps. If you are concerned that you cannot follow these steps correctly, then please do not proceed. Consult a computer technician for more information.
1. Navigate to and select the following key:
CAUTION: The HKEY_CLASSES_ROOT key contains many subkey entries that refer to other file extensions. One of these file extensions is .exe. Changing this extension can prevent any files ending with an .exe extension from running. Make sure you browse all the way along this path until you reach the \command subkey.
Do not modify the HKEY_CLASSES_ROOT\.exe key.
Do modify the HKEY_CLASSES_ROOT\exefile\shell\open\command subkey that is shown in the following figure:
McAfee.com - Virus Information Library
F-Secure Computer Virus Information Pages Sircam
Sircam is a mass mailing worm about 150 kilobytes in size. When run it copies itself to 'c:\recycled\SirC32.exe' and as 'SCam32.exe' to the windows system directory. The 'SirC32.exe' is registered as default startup command for EXE files so it will run whenever an EXE file is run. The 'SCam32.exe' file is registered as a driver that makes sure it will be started when the system boots up.
The worm collects e-mail addresses from Windows Address Book and Temporary Internet Files to a file called 'scw1.dll' in the system directory.
Another file is then created by the worm. It contains a list of files with certain extensions (e.g. with .DOC, .ZIP, .JPG extensions) located in a user's 'My Documents' folder. Since quite often users keep their personal or company-related documents there, it means that the worm can send out confidential information.
Using its own SMTP engine the worm sends messages the addresses it found. One of the document files is selected from the list and appended to the worm's file. This file will be sent with double extension, for example .DOC.EXE, .ZIP.COM, .JPG.PIF, etc.
When a recipient opens this attachment, his system gets infected and then the included document is displayed. This way the worm's activity is disguised.
Messages sent by the worm look like this (english version):
Subject: Document file name (without extension) From: [email@example.com] To: [firstname.lastname@example.org]
Hi! How are you? I send you this file in order to have your advice See you later! Thanks
If language setting on the infected machine is spanish the worm sends a spanish version of the message:
Subject: Document file name (without extension) From: [email@example.com] To: [firstname.lastname@example.org]
Hola como estas ? Te mando este archivo para que me des tu punto de vista Nos vemos pronto, gracias.
The second sentence is randomly chosen from four variants.
The attached file has the name of the document the worm picked up from infected computer with double extension, for example filename.DOC.EXE, filename.ZIP.COM, filename.JPG.PIF, etc.
The worm can also spread trough Microsoft Network Shares. It checks all the share available to the infected machine. If there is a '\recycled' directory on the share it tries to infect. First copies itself to '\recycled', and tries to replace '\windows\rundll32.exe' with a copy of itself. The original 'rundll32.exe' is renamed to 'run32.exe'. After that an extra line is added to '\autoexec.bat':
If your system is infected with the worm first please download this REG file and install it (by double-clicking on it):
This will remove the worm's reference from the EXE file startup key in the Registry.
Warning! The system might become unusable if the worm's file is deleted without modifying the EXE file startup key first.
After that the system can be safely disinfected with FSAV. If for some reason the worm's file can't be deleted from Windows (locked file), then you have to exit to pure DOS and delete the worm's file manually or use a DOS-based scanner (F-Prot for DOS for example).
If the workstation was infected trough a network share, the '\windows\run32.exe' file has to be renamed back to '\windows\rundll32.exe' after disinfection. Also the \recycled\SirC32.exe file has to be deleted and extra line in the 'autoexec.bat' should be removed.
[Analysis: Gergely Erdelyi, F-Secure Corp.; July 18th, 2001]
Sophos virus analysis W32-Sircam-A
|Aliases:||W32.Sircam.Worm@mm, W32/SirCam@mm, Backdoor.SirCam|
|Detection:||Will be detected by Sophos Anti-Virus September 2001
(3.49) or later. A virus identity (IDE) file is available for earlier
versions from the Latest
virus identities section.
Sophos has received many reports of this worm from the wild.
|Comments:||W32/Sircam-A is a network-aware worm. The worm spreads
via email and by using open network shares. The worm arrives in an email
with a random subject which is identical to the attached filename.
The attached filename is also randomly chosen, but it has a double extension (for instance, .doc.com or .mpg.pif).
If the attachment is opened, the worm copies itself into the Windows System directory with the filename scam32.exe. The worm also copies itself as a file called sirc32.exe to the Recycled files directory with its file attributes set to hidden.
The worm changes the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services\Driver32 so that it runs on Windows startup. The registry key HKLM\SOFTWARE\Classes\exefile\shell\open\command is also changed so that the worm runs before any other executable file is opened.
The worm uses the registry key HKLM\Software\SirCam to save data used internally by the worm code.
If the worm finds any open network share, it will attempt to copy itself into the Windows directory on the machine with an open share, with the filename rundll32.exe. The original rundll32.exe file is renamed to run32.exe. If this is successful, the worm changes the file autoexec.bat so that it includes a command to run the worm file previously dropped to the C:\recycled directory.
The worm contains its own SMTP routine which is used to send email messages to email addresses found in the Windows address book and the temporary internet folder, where cached internet files are kept.
Depending on the operating system default language every email message sent by the worm will always contain identical first and last lines.
If the default language is English the first line of the message will be:
"Hi! How are you?"
and the last one will be
"See you later. Thanks".
If the default language is Spanish the first line of the message will be
"Holla como estas ?"
and the last one will be
"Nos vemos pronto, gracias.".
On 16 October there is a 1 in 20 chance that the worm will attempt to delete all files from the hard drive.
This Trojan propagates via email using SMTP commands. It sends copies of itself to all addresses listed in an infected user's address book. It arrives in an email with a random subject line, and an attachment by the same name. It has no destructive payload.
First, restore your system configurations through the registry. To do this:
It is important that steps 7 to 9 be followed before removing the Trojan file or else no executable file will be able to run. If the Trojan is deleted, REGEDIT is no longer accessible. Please rename regedit.exe to regedit.com then execute regedit. Then just follow the step 1-9.If the Trojan is not yet deleted, you can also use the tool fix_sircam.reg. This will remove the Trojan association from the registry.
Once the association is removed restart your system. Scan your system with Trend Micro antivirus and delete all files detected as TROJ_SIRCAM.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro’s free online virus scanner.
If you need further assistance with this solution, please send an email to email@example.com.
Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network or home PC.
|In the wild:||Yes|
|Trigger condition 1:||Upon execution|
|Payload 1:||Creates Files|
|Detected by pattern file#:||917|
|Detected by scan engine#:||5.170|
|Size of virus:||137,216 Bytes|
The worm arrives as an attachment to the following email:
Subject: (random subject line, with the same name as the
Message body: (The body could be either in Spanish or English)
Hi! How are you?
I send you this file in order to have your advice OR I hope you can help me with this file that I send OR I hope you like the file that I send you OR This is the file with the information that you ask for
See you later. Thanks
Attachment: (random filename, with the same name as the subject line)
Hola como estas ?
Te mando este archivo para que me des tu punto de vista OR Espero me puedas ayudar con el archivo que te mando OR Espero te guste este archivo que te mando OR Este es el archivo con la informacion que me pediste
Nos vemos pronto, gracias.
The attachment contains a copy of the worm merged with a randomly chosen file from the sender's computer.
Upon execution, this worm copies itself to a SCam32.EXE in the System directory. It then splits merged files in the attachment and drops these to a SIRC32.EXE file and a <Original filename of the merged file> in the C:\Recycled folder.
To execute every bootup, it creates the below registry entry:
CurrentVersion\RunServices\Driver32 = “C:\Windows\System\Scam32.exe”
It modifies the following registry entry:
HKEY_CLASSES_ROOT\exefile\shell\open\command = “”%1”%*”
to the following, to allow this Trojan to run whenever an .EXE file is executed:
command = “”C:\Recycled\SirC32.exe” ”%1”%*”
It also creates the following registry key, where it stores data:
The below are the data it stores:
Manually removing a infection from your computer can put your
data at risk for damage that may or may not be recoverable. Central Command
strongly recommends that you backup all of your data prior to attempting to
remove an infection or repair any damage causes by a infection.
Aliases: W32.Sircam.Worm@mm, W32/SirCam@mm
Type: Internet Worm (mass mailer)
I-Worm.Sircam.A is an Internet worm that is spreading itself through e-mail.
The worm arrives through e-mail in the following format:
Subject: (The subject line will be random)
Body: Hi! How are you?
See you later. Thanks
Attachment: (Same as Subject: line + containing a double extension, ie. COM.EXE)
*Note: It might be possible that it will contain additional text in the body of the message between the two lines listed above
When the user opens the attachment, the worm adds the following keys into the registry:
1.) HKCR\exefile\shell\open\command\Default = "c:\recycled\SirC32.exe" "%1" %*"
2.) HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Driver32 = c:\windows\system\SCam32.exe
The first registry key enables the worm to copy the SirC32.exe file to the folder C:\Recycled\ which allows the worm to run after each *.exe file is executed. The second key stores the filename Scam32.exe into the C:\Windows\System folder, which allows the worm to execute automatically.
I-Worm.Sircam.A also uses its own special SMTP routine to send unsolicited email messages to those addresses obtained from a search within the Windows address book, as well as, from the users Temporary Internet folder.
If the virus happens to find a network shared directories, it will try to copy itself into the local Windows directory under the name rundll32.exe. The original file is renamed as run32.exe. If the worm succeeds, it will modify the autoexec.bat file by introducing a new line which will allow it to execute the file previously saved in the Windows directory.
As a “signature” the author added the following strings in the virus in an encrypted form:
[SirCam Version 1.0 Copyright 2001 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico]
*There is also a duplicate of this worm in the Spanish language.
The body format of the Spanish e-mail message would contain the lines:
Hola coma estas ?
Nos vemos pronto, gracias
Step 1.) Delete all files being detected as I-Worm.Sircam.A, make sure that you also empty the Recycling bin as well
Step 2.) Make the needed modifications to the registry. Run the registry editor, this can be done by clicking the Windows Start button and selecting “Run”. Within the pop-up box type in “regedit”
Then, locate and the following keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices and delete the key Driver32 (which contains the value “%windows-system%\Scam32.exe”).
This key should be changed to the value ""%1"%*"
HKEY_LOCAL_MACHINE \Software\SirCam should be entirely deleted (all values contained within).
You can now close the registry.
Step 3.) Restart your computer.
Step 4.) Go back to the Windows Start button and select “Run”.again. This time type the word “command” and press enter. In the command prompt window type the following lines:
C:\> cd Recycled (hit enter)
C:\>Recycled> attrib –h sirc32.exe (hit enter)
C:\>Recycled> del sirc32.exe (hit enter)
C:\>Recycled> cd .. (hit enter)
C:\> cd Windows (hit enter)
C:\Windows\> attrib –h scam32.exe (hit enter)
C:\Windows\> del scam32.exe (type Exit)
To disinfect a networked computer infection, on the infected machine the file \windows\run32.exe should be renamed over the \windows\rundll32.exe (if they exist). Also, from the file autoexec.bat the following line must be deleted:
@win \Recycled\SirC32.exe and the file \Recycled\SirC32.exe should also be deleted
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least
Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.
Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info|
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: September 12, 2017