Belle
26-09-2003, 21:21
My lovely mother fell foul of this virus and thus it came to me, but I was in the end just sufficiently alarmed not to open it but to check on it.
This is what I found
Hope I have saved at least one computer's life
It took mum three hours to mend her PC.
Appliesonly to PC users I imagine, rather than Apple Macintoshes
************
Swen' worm poses as security patch
ZDNet UK
September 18, 2003, 17:50 BST
Antivirus experts fear a new Windows worm could fool many into installing it, because of its legitimate appearance
Antivirus companies are warning of a new Windows worm that has the potential to spread quickly because it appears to be a legitimate security update from Microsoft.
For information on how to combat the worm (assuming you have already opened an email from these people), you will need to go onto Google and do a search for the name of the worm because I forgot to note the name of the website where I got all this from.
The Swen worm, known technically as I-Worm.Swen, W32/Swen.A@mm or W32/Gibe@MM.e, affects Windows 95, Windows NT and all newer versions, and spreads via email and through IRC, Kazaa and local area networks. It uses a vulnerability in Internet Explorer to execute directly from an email message, according to F-Secure. It also attempts to disable firewall and antivirus software. The worm first appeared in the wild on Thursday last week.
Windows users are still reeling from a series of damaging virus attacks that have caused chaos in recent weeks, partly due to the large number of Internet-connected PCs that have not patched known vulnerabilities.
One of the emails Swen uses to spread is a professional-looking message that appears to come from "MS Technical Assistance", and contains a notification of a "September 2003, Cumulative Patch", along with the virus attachment. Microsoft does not spread updates via email.
When executed, the worm continues to pose as a security update, launching a message windows that states: "This will install Microsoft Security Update. Do you wish to continue?" If the user clicks "Yes" the worm shows a fake installation dialogue box, but also installs invisibly if the "No" button is pressed.
Swen installs various files to ensure that it is launched every time the system boots up. It also disables the user's ability to edit the Registry.
Users are advised not to launch attachments. Symantec, F-Secure, Sophos, Network Associates and others have updated the definitions in their anti-virus software to prevent Swen infections.
This is what I found
Hope I have saved at least one computer's life
It took mum three hours to mend her PC.
Appliesonly to PC users I imagine, rather than Apple Macintoshes
************
Swen' worm poses as security patch
ZDNet UK
September 18, 2003, 17:50 BST
Antivirus experts fear a new Windows worm could fool many into installing it, because of its legitimate appearance
Antivirus companies are warning of a new Windows worm that has the potential to spread quickly because it appears to be a legitimate security update from Microsoft.
For information on how to combat the worm (assuming you have already opened an email from these people), you will need to go onto Google and do a search for the name of the worm because I forgot to note the name of the website where I got all this from.
The Swen worm, known technically as I-Worm.Swen, W32/Swen.A@mm or W32/Gibe@MM.e, affects Windows 95, Windows NT and all newer versions, and spreads via email and through IRC, Kazaa and local area networks. It uses a vulnerability in Internet Explorer to execute directly from an email message, according to F-Secure. It also attempts to disable firewall and antivirus software. The worm first appeared in the wild on Thursday last week.
Windows users are still reeling from a series of damaging virus attacks that have caused chaos in recent weeks, partly due to the large number of Internet-connected PCs that have not patched known vulnerabilities.
One of the emails Swen uses to spread is a professional-looking message that appears to come from "MS Technical Assistance", and contains a notification of a "September 2003, Cumulative Patch", along with the virus attachment. Microsoft does not spread updates via email.
When executed, the worm continues to pose as a security update, launching a message windows that states: "This will install Microsoft Security Update. Do you wish to continue?" If the user clicks "Yes" the worm shows a fake installation dialogue box, but also installs invisibly if the "No" button is pressed.
Swen installs various files to ensure that it is launched every time the system boots up. It also disables the user's ability to edit the Registry.
Users are advised not to launch attachments. Symantec, F-Secure, Sophos, Network Associates and others have updated the definitions in their anti-virus software to prevent Swen infections.