New Virus Worm replicates via email, network IRC and Kazaa

By on September 20, 2003, 5:55 PM
Just a few minutes ago I received a mail that looked very legitimate, it came from "Security Division" with the subject "Latest Internet Patch" when I opened it up I was greeted by the look and feel of emails Microsoft sends out:

[COLOR=royalblue]this is the latest version of security update, the "September 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to protect your computer. This update includes the functionality of all previously released patches.[/COLOR]

Of course I scanned the attachment and sure enough it was a virus, it's name was "[URL=http://www.f-secure.com/v-descs/swen.shtml]Swen[/URL]" [URL=http://www.f-secure.com/]F-Secure[/URL] has rated this virus at Level 1: The highest warning a virus can get. [URL=http://www.techspot.com/newspics/swen.jpg]Click this link[/URL] to see an image (127kb) of the email I received. Also see [URL=http://www.microsoft.com/technet/security/bulletin/MS01-020.asp]MS01-020[/URL] for a fix to the vulnerability this virus makes use of. F-Secure (linked above) has free removal tools for this virus available for download.
[COLOR=royalblue]Swen is a mass-mailer, which was first found on Thursday, September 18th, 2003. This rather complex worm uses several different techniques to spread and can, unlike most other e-mail worms, execute automatically when an infected e-mail message is received. Swen can also, in addition to e-mail, use IRQ chat, Kazaa networks and shared folders in local area networks to spread.[/COLOR] [URL=http://www.f-secure.com/news/items/news_2003091900.shtml]Original article[/URL]




User Comments: 6

Got something to say? Post a comment
StormBringer said:
Heh, C-Net only has it listed as a level6 [url]http://reviews.cnet.com/4520-6600_7-5078675.html?tag=cn
tfd.virus[/url]Symantec has some very detailed info on it with pictures. [url]http://www.symantec.com/avcenter/venc/data/w32.swen.a@m
.html[/url]
TS | Thomas said:
Yeah, my wife got one of those mails yesterday. Looks fine enough until you check the message headers & all ;)
Phantasm66 said:
Thanks very much for this. I have e-mailed all of the mortals in my department to tell them about it in terms that mortals will understand... ;)
TS | Thomas said:
Email that says it's from Microsoft = Bad.
Mictlantecuhtli said:
[quote][i]Originally posted by TS | Thomas [/i]Looks fine enough until you check the message headers & all ;) [/quote] "this is the latest version of security update ... which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express."Mail size in Per's screenshot: 157 kB.I guess they've done pretty good a job then :approve:
filkertom said:
See, this is why I don't want MS to have automatic updates that you have no control over. Computers can be hacked. The mail certainly looks legit, if you just give it a glance -- but the knowledge that MS announces patches, and tells people through press releases to run the Windows Update, rather than e-mailing them, is often forgotten by non-techies, and, I'd bet, even by a few techies. Just think of what damage could be done if some unscrupulous lamer could send out an "official MS update" that you couldn't cancel.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.