'Swen' worm poses as security patch

Discussion in 'Computer Security' started by SimonV, Sep 19, 2003.

  1. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    'Swen' worm poses as security patch
    Antivirus experts fear a new Windows worm could fool many into installing it, because of its legitimate appearance

    Antivirus companies are warning of a new Windows worm that has the potential to spread quickly because it appears to be a legitimate security update from Microsoft.

    The Swen worm, known technically as I-Worm.Swen, W32/Swen.A@mm or W32/[email protected], affects Windows 95, Windows NT and all newer versions, and spreads via email and through IRC, Kazaa and local area networks. It uses a vulnerability in Internet Explorer to execute directly from an email message, according to F-Secure. It also attempts to disable firewall and antivirus software. The worm first appeared in the wild on Thursday.

    Windows users are still reeling from a series of damaging virus attacks that have caused chaos in recent weeks, partly due to the large number of Internet-connected PCs that have not patched known vulnerabilities.

    One of the emails Swen uses to spread is a professional-looking message that appears to come from "MS Technical Assistance", and contains a notification of a "September 2003, Cumulative Patch", along with the virus attachment. Microsoft does not spread updates via email.

    When executed, the worm continues to pose as a security update, launching a message window that states: "This will install Microsoft Security Update. Do you wish to continue?" If the user clicks "Yes" the worm shows a fake installation dialogue box, but it also installs invisibly if the "No" button is pressed.

    Swen installs various files to ensure that it is launched every time the system boots up. It also disables the user's ability to edit the Registry.

    Users are advised not to launch attachments. Symantec, F-Secure, Sophos, Network Associates and others have updated the definitions in their anti-virus software to prevent Swen infections.

    Source: news.zdnet.co.uk


     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  2. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,416
    3
    82
    Thanks for the heads up Si
     
    Certifications: A+, 70-210, 70-290, 70-291, 74-409, 70-410, 70-411, 70-337, 70-347
    WIP: 70-346
  3. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    6,897
    182
    221
    Thanks SimonV

    After our firewall crashed and we had to reconfigure it, I was explaining to the Network Manager about your post, and he got an undelivered mail. It was this virus and fortunately the firewall had stripped the .exe file off, so no danger. It does certainly look authentic, so all heed SimonV's wise warning.

    This virus is nasty and in the wild.

    Cheers

    Andrew
     
    Last edited by a moderator: Jan 2, 2015
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
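    The lure described in the report (a message claiming to come from "MS Technical Assistance" about a "September 2003, Cumulative Patch", with an executable attached) and the gateway behaviour AJ mentions (the .exe stripped off before delivery) can both be shown with a small mail filter. The block below is an added example, not code from the thread or from any of the antivirus vendors named in it. The sample message, its sender address, attachment name and attachment bytes are constructed to mirror the description in the first post; they are not a real capture, and the keyword lists are assumptions about what a gateway rule would look for, not the actual Swen signatures.

```python
"""Flag and neutralise Swen-style 'fake Microsoft security update' mail.

Added example for the CertForums thread, not the vendors' detection logic.
The message built by build_sample_lure() is constructed for this example.
"""
import email
import os
import re
from email import policy
from email.message import EmailMessage

# Extensions a gateway would treat as directly executable (assumed list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

# Microsoft does not distribute patches by email, so a message that claims
# Microsoft origin *and* carries an executable is a lure by definition.
MICROSOFT_SENDER = re.compile(r"microsoft|ms technical assistance", re.I)
PATCH_WORDS = re.compile(r"cumulative patch|security update", re.I)


def _ext(filename: str) -> str:
    """Lower-cased extension of an attachment filename ('' if none)."""
    return os.path.splitext(filename or "")[1].lower()


def executable_attachments(msg: EmailMessage) -> list[str]:
    """Filenames of attachments whose extension is in EXECUTABLE_EXTENSIONS."""
    return [part.get_filename() for part in msg.iter_attachments()
            if _ext(part.get_filename()) in EXECUTABLE_EXTENSIONS]


def classify(raw: bytes) -> dict:
    """Score one raw RFC 5322 message and return the evidence that fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = str(msg.get("From", ""))
    subject = str(msg.get("Subject", ""))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    execs = executable_attachments(msg)
    reasons = []
    if execs and MICROSOFT_SENDER.search(sender):
        reasons.append("claims Microsoft origin but carries an executable")
    if execs and PATCH_WORDS.search(subject + " " + text):
        reasons.append("patch-notice wording with an executable attached")
    return {"suspicious": bool(reasons), "reasons": reasons, "attachments": execs}


def strip_executables(raw: bytes) -> bytes:
    """Return the message with executable attachments replaced by a
    text placeholder, the way AJ's firewall delivered the mail."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not msg.is_multipart():
        return raw
    keep, removed = [], []
    for part in msg.iter_parts():
        name = part.get_filename() or ""
        if part.is_attachment() and _ext(name) in EXECUTABLE_EXTENSIONS:
            removed.append(name)
        else:
            keep.append(part)
    if not removed:
        return raw
    note = EmailMessage()
    note.set_content("[Attachment removed by gateway: " + ", ".join(removed) + "]")
    msg.set_payload(keep)   # multipart payload is the list of sub-parts
    msg.attach(note)
    return msg.as_bytes()


def build_sample_lure() -> bytes:
    """Constructed sample modelled on the lure in the report (not real mail).
    Sender address, attachment name and attachment bytes are invented."""
    msg = EmailMessage()
    msg["From"] = '"MS Technical Assistance" <advisor@example.com>'
    msg["To"] = "user@example.net"
    msg["Subject"] = "Latest Microsoft Security Update"
    msg.set_content(
        "Microsoft Customer,\n\nthis is the latest version of security update, "
        "the \"September 2003, Cumulative Patch\" update which eliminates all "
        "known security vulnerabilities affecting Internet Explorer, Outlook "
        "and Outlook Express. Install now to protect your computer.\n")
    # Two-byte 'MZ' stub stands in for the worm body; it is not executable.
    msg.add_attachment(b"MZ\x00\x00", maintype="application",
                       subtype="octet-stream", filename="Install.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample_lure()
    print(classify(lure))
    print(classify(strip_executables(lure)))
```

    Run it as a script and the first verdict lists both reasons and the `Install.exe` attachment; the second, on the stripped copy, finds no executable and is no longer suspicious even though the patch wording is still in the body. The rule deliberately keys on the combination of a Microsoft claim and an executable rather than on the exact subject line, since SimonV reports thirteen variations of the same lure.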
  4. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,416
    3
    82
    Just received an email that I suspect is this virus, so in the bin it goes
     
    Certifications: A+, 70-210, 70-290, 70-291, 74-409, 70-410, 70-411, 70-337, 70-347
    WIP: 70-346
  5. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    Just got another 13 emails all with variations on this virus!

    :gun
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  6. Luton Bee

    Luton Bee Kilobyte Poster

    365
    0
    36
    We've had a couple here at work as well, beware people the message that comes with it is very very realistic looking with links to the MS website and the nav bar in the top right and everything else.

    beware
     
    Certifications: MCSE, MCSA, MCP, A+, Network+ C&G ICT
    WIP: CCNA
  7. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,924
    74
    229
    I just got it too, but Grisoft AVG caught and quarantined it before I even saw it. Need to take your word, guys, for its authenticity.

    Good thing I updated AVG last night. :gun

    Deff thanks again for the warning, though :thumbleft
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  8. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,924
    74
    229
    I just got two more hits, but guess what - in the "To" line, it's targeted a whole bunch of us here at CertForums, including Admin@, Derek@, Luton (your Hotmail account), AndyL (B.Y account), and more ...

    Nasty piece of work - good thing we're all smart enough to be up to date in protection, right ?????
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  9. Luton Bee

    Luton Bee Kilobyte Poster

    365
    0
    36
    I wondered where it had come from into my Hotmail!!

    Hello Claims direct?
    ....Mr moneygrabbing-b'stard here Certforums infected my home network can I sue?

    :lol: :lol:
     
    Certifications: MCSE, MCSA, MCP, A+, Network+ C&G ICT
    WIP: CCNA
  10. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  11. AJ

    AJ 01000001 01100100 01101101 01101001 01101110 Administrator

    6,897
    182
    221
    Ok guys

    Just downloaded my email and it seems I had this virus in the mail. I do use MailWasher and it recognised it for what it was.

    Andrew
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Breathing in and out, but not out and in, that's just wrong
  12. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
