Swen Mass-Mailing Worm Carries Fake Microsoft Patch

Even as the industry awaited the breakout of a new Blaster-style worm and the G version of Sobig, a variation on another familiar piece of malware began making the rounds on Thursday. A virus based on the well-worn social engineering trick of making an e-mail look like it comes from Microsoft's support team started hitting user mailboxes.

Like previous viruses and worms based on the ruse, the e-mail arrives with an executable attachment that the virus authors try to pass off as a patch. This time, however, virus authors have gone to the trouble of designing a convincing HTML e-mail that resembles a Microsoft Web page. The HTML e-mail contains legitimate links to different Microsoft pages in addition to the nasty attachment.

Anti-virus vendors call the virus Swen (F-Secure), W32.Swen.A@mm (Symantec) or W32/Gibe-F (Sophos). Swen bears similarities to the Gibe.B worm discovered in February. Symantec upgraded its threat assessment for W32.Swen.A@mm to Level 3 on its severity scale Thursday evening due to an increasing volume of submissions.

The worm can arrive under a number of different subject lines and the From address varies. Once a system is infected, Swen attempts to send itself to e-mail addresses, and also attempts to spread through file sharing networks such as KaZaa and IRC. It also attempts to kill anti-virus and personal firewall systems running on a computer.

In response to similar worms in the past, Microsoft has said that it never sends security patches via e-mail.

The new virus comes at a time when IT organizations are on highest alert for new worms. Security experts expect a worm to be released any day that will exploit the critical Windows security hole Microsoft patched earlier this month with MS03-039. Also, the highly damaging Sobig.F worm expired on Sept. 10, and a Sobig.G variant is expected to hit any day.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
