Saturday, September 20, 2003

Beware of New Email Virus

Poses as a "Microsoft security update"---just delete it, don't even open it.

From InformationWeek > Security > Virus Posing As Microsoft E-Mail Spreads Fast > September 19, 2003:

"Less than 24 hours after first being detected, the Swen blended-threat worm picked up steam Friday, gained a foothold in the United States and the United Kingdom, and accounted for more than 35,000 interceptions by E-mail filtering firm MessageLabs.

Swen, also called W32/Swen@MM, Gibe, and W32/Gibe-F, masquerades as E-mail from Microsoft and purports to carry a security update as its file attachment. The worm can also propagate over Internet Relay Chat and peer-to-peer files sharing networks such as Kazaa, as well as over network shares within the firewall if a machine inside a company is infected.

'It is highly effective in spreading because it looks very official and masquerades as a legitimate E-mail from Microsoft or as a fix tool for a well-known virus,' said Ken Dunham, an analyst with security firm iDefense. "