For information on how to combat the worm, click here.
The Swen worm, known technically as I-Worm.Swen, W32/Swen.A@mm or W32/Gibe@MM.e, affects Windows 95, Windows NT and all newer versions, and spreads via email and through IRC, Kazaa and local area networks. It uses a vulnerability in Internet Explorer to execute directly from an email message, according to F-Secure. It also attempts to disable firewall and antivirus software. The worm first appeared in the wild on Thursday.
Windows users are still reeling from a series of damaging virus attacks that have caused chaos in recent weeks, partly due to the large number of Internet-connected PCs that have not patched known vulnerabilities.
One of the emails Swen uses to spread is a professional-looking message that appears to come from "MS Technical Assistance", and contains a notification of a "September 2003, Cumulative Patch", along with the virus attachment. Microsoft does not spread updates via email.
When executed, the worm continues to pose as a security update, launching a message windows that states: "This will install Microsoft Security Update. Do you wish to continue?" If the user clicks "Yes" the worm shows a fake installation dialogue box, but also installs invisibly if the "No" button is pressed.
Swen installs various files to ensure that it is launched every time the system boots up. It also disables the user's ability to edit the Registry.
Users are advised not to launch attachments. Symantec, F-Secure, Sophos, Network Associates and others have updated the definitions in their anti-virus software to prevent Swen infections.
Talkback
What never ceases to amaze me...is that all of these virus's/bugs/worms...they make the news! Yet have I found the reporting source tell you where you can find a fix. I wouldnt have logged onto your site just to read about the Swen worm...just to find out about it characteristics? Where can you find a patch/removal...even if you have to pay for it?
Great job. I knew it had to be a hoax at least a worm at the worst. I knew M$ wouldn't send out patches, but with a Google search at 8:40pm EST only ZDNET turned up with the answer. Great job on being on the cutting edge since my Anti-virus software was up to date and it didn't stop it.
People People! Its very important to keep up to date with any possible virus attack. Please remember they are all preventable if you would just keep your virus definitions UP TO DATE. Which means clicking on the update buttons at least once a week. Simple! And please install those Firewalls! Tsk Tsk :)
Here we go again, this spoof email is going to FOOL a lot of people....
I just received this spoof email that appears to be a legitimate security update from Microsoft. I have so get so many spoof emails that looks like a PayPal or eBay email that I'm very careful about any email asking for passwords, credit card #, ss#, update personl information, my name of my 1st born child. :-) If I'm not sure if it's a spoof email I go to the website .....(DO NOT CLICK ON ANY LINK IN THE EMAIL)
That's my 2 cents worth.
Better than manual update is automatic update. I have NAV 2003 and it automatically updates definitions all the time. I got this virus several times in my mail account as a MS update. The people that spend their time creating this crap should get atleast 20 years in prison w/ no early parole, for this crime, when convicted. I hope that kid the Feds arrested, once proven guilty, gets the maximum sentence! I've only been hit by one virus but it did enough damage, including loss of valuable data, that I would gladly rap my fingers around the perp's throat and squeeze!
You can get a free fix for swen virus from
http://www3.ca.com/virusinfo/virus.aspx?ID=36939
How do you know if you have the worm in your system i run xp home i have A V G 6 anti virus spy bot
but i think i have had the worm put into my system i opened up an email before i new of the worm i do all the things they tell me to do with all my anti virus and it tells me that every thing is clear on my system can i beleive it ?? or is it still there??
re: keeping up to date on definitions.
NAV set for auto update. Every day it flashes a dialog box declaring my definitions not up to date. But when it goes to NAV website, invariably it immediately responds that the only Symantec product I have is Update and that there are no current updates that I need.
And, it indicates my last update to be weeks ago. The "old" date it is showing is my last manual update. When I recently downloaded the manual definitions package and initiated a full system scan, it came up with 2 unrepairable viruses. These conflicting messages leave me very uneasy about my NAV subscription.