ZDNet UK


Skip to Main Content

  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

'Swen' worm poses as security patch

Matthew Broersma ZDNet.co.uk

Published: 18 Sep 2003 17:50 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Antivirus companies are warning of a new Windows worm that has the potential to spread quickly because it appears to be a legitimate security update from Microsoft.

For information on how to combat the worm, click here.

The Swen worm, known technically as I-Worm.Swen, W32/Swen.A@mm or W32/Gibe@MM.e, affects Windows 95, Windows NT and all newer versions, and spreads via email and through IRC, Kazaa and local area networks. It uses a vulnerability in Internet Explorer to execute directly from an email message, according to F-Secure. It also attempts to disable firewall and antivirus software. The worm first appeared in the wild on Thursday.

Windows users are still reeling from a series of damaging virus attacks that have caused chaos in recent weeks, partly due to the large number of Internet-connected PCs that have not patched known vulnerabilities.

One of the emails Swen uses to spread is a professional-looking message that appears to come from "MS Technical Assistance", and contains a notification of a "September 2003, Cumulative Patch", along with the virus attachment. Microsoft does not spread updates via email.

When executed, the worm continues to pose as a security update, launching a message windows that states: "This will install Microsoft Security Update. Do you wish to continue?" If the user clicks "Yes" the worm shows a fake installation dialogue box, but also installs invisibly if the "No" button is pressed.

Swen installs various files to ensure that it is launched every time the system boots up. It also disables the user's ability to edit the Registry.

Users are advised not to launch attachments. Symantec, F-Secure, Sophos, Network Associates and others have updated the definitions in their anti-virus software to prevent Swen infections.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
96 out of 145 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

8 comments

  1. What never ceases to amaze me...is that all of the... August Valcik
  2. Great job. I knew it had to be a hoax at least a... Gribbly Snard
  3. People People! Its very important to keep up to da... Anonymous
  4. Here we go again, this spoof email is going to FOO... Curtis Zeisler
  5. Better than manual update is automatic update. I... Lou
  6. You can get a free fix for swen virus from http:/... Anonymous
  7. How do you know if you have the worm in your syste... john hodson
  8. re: keeping up to date on definitions. NAV set f... Steve Cornick

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:





Related Jobs

INFORMATION SECURITY OFFICER

Technology Risk Analyst, IT Security, CISM, CISSP, CISA, SSCP, London

Security Cleared Anti-Virus Specialist

Sentry Posts Blog

The Technological Singularity

Are we approaching a point when machines may wake up and become self or seemingly self aware? Vernor Vinge in 1993 seemed to think so. He refered to this event as the "technological... More

2 comments

Mobile Operating Systems: MOPS At a Gl...

Mobile Operating Systems: At a Glance Author: Eric Everson, Founder MyMobiSafe Since posting my blog exposing the security Google G1 security issue, I have received a few emails... More

Post a comment

Met Police catch test cheats

I saw the funny side of this press release, I can just imagine the two people sitting in the car giving the answers to the questions. Why they had wires running from under the bonnet... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers