SirCam Worm Still Spreading

By Marcia Savage
CRN
San Francisco

6:32 PM EDT Tue. Jul. 24, 2001


A week after it first appeared, SirCam is continuing to worm its way through e-mail systems, according to integrators and antivirus vendors.

"This virus seems to be getting broad distribution," Oli Thordarson, president of Alvaka Networks, Huntington Beach, Calif., said Tuesday. "It appears to be successful as far as viruses go."

McAfee AVERT, a division of Network Associates, Monday upgraded the risk posed by SirCam from medium to high due to what it said was a rising number of infected computers.

Since the worm was discovered July 17, AVERT has received more than 300 samples of the virus directly and hundreds of reports of customers who were either infected or blocked the worm, the company said.

Other antivirus vendors, including Symantec and Trend Micro, also rate SirCam as high risk.

SirCam is a mass-mailing worm that arrives with varied messages. When the attachment is opened, it sends copies of itself to all addresses in an infected user's address book and to addresses found in temporary Internet cached files.

Unlike other e-mail worms, which could be identified because they carried the same message, such as I Love You, SirCam randomly selects a file from the infected computer as an attachment to itself. The message subject line contains the file name.

"Apart from the inconvenience of a clogged server, the SirCam virus has massive implications for businesses which store confidential data on local hard drives as well as on their networks," Mark Sunner, CTO of MessageLabs, a U.K.-based managed provider of e-mail security, said in a prepared statement.

Alvaka's Thordarson says his firm protects its managed service clients by keeping their antivirus protection updated, so there were no reports of damage by SirCam among its account base.

However, he says a friend of his who heads a software services company was hit by the worm, which shut down her notebook computer. "She was finally able to get a 'cleaner' from Symantec that got her back in business after being down about 48 hours," he said.

Although SirCam comes with randomly selected file names, it carries similar text in either English or Spanish. In English, the message begins: "Hi! How are you?" It may then have one of four different lines, including, "I send you this file in order to have your advice."
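The two traits reported above (a subject line that carries the attachment's file name, and a body opening with "Hi! How are you?") can be combined into a simple mail-filter heuristic. The following is an added example, not code from the article or from any vendor; the function names and sample messages are constructed for illustration, and only the English greeting quoted in the article is checked.

```python
from email import message_from_string
from email.message import EmailMessage

GREETING = "hi! how are you?"  # English opening line quoted in the article

def build(subject, body, filename):
    """Construct a sample message with one attachment (test data only)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

def body_text(msg):
    """Return the first text/plain part that is not itself an attachment."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "latin-1", "replace")
    return ""

def sircam_traits(raw):
    """Check a raw message for the two traits described in the article."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    names = [p.get_filename().lower() for p in msg.walk() if p.get_filename()]
    # Assumption: "subject contains the file name" is read as the subject
    # equalling an attachment name, with or without its extension(s).
    subject_match = bool(subject) and any(
        n == subject or n.startswith(subject + ".") for n in names)
    greeting = body_text(msg).lstrip().lower().startswith(GREETING)
    return {"subject_is_attachment_name": subject_match,
            "greeting": greeting,
            "suspicious": subject_match and greeting}

# Constructed samples: one carrying both traits, one ordinary message.
SAMPLE_WORM = build("Q3 budget",
                    "Hi! How are you?\nI send you this file in order to "
                    "have your advice.\n", "Q3 budget.xls")
SAMPLE_BENIGN = build("Meeting notes", "Hello team,\nNotes attached.\n",
                      "notes.txt")

if __name__ == "__main__":
    for label, raw in (("worm-like", SAMPLE_WORM), ("benign", SAMPLE_BENIGN)):
        print(label, sircam_traits(raw))
```

Requiring both traits keeps ordinary mail whose subject happens to match an attachment name from being flagged on that signal alone.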

SirCam contains its own SMTP (Simple Mail Transfer Protocol) engine, which allows it to propagate itself, similar to an earlier worm, Magistr, according to Vigilinx, a security services firm based in Parsippany, N.J.

Also like Magistr, SirCam is "network aware" in that it searches for shared systems on the network to infect, according to Symantec.

SirCam has a one in 20 chance of deleting files on a user's C: drive on Oct. 16, but the date is based on day/month/year format and does not execute if other formats are used, according to Vigilinx.

MessageLabs said the first copy of the worm it intercepted came from South Africa. The company reported 7,129 copies of the worm on Monday.

Thordarson said he received four e-mails containing SirCam in a 24-hour period from one company in India that describes itself on its Web site as Internet infrastructure managers.

Antivirus vendors advised users to download updates to their antivirus software to protect their systems from SirCam.


Copyright 2009 Everything Channel