
Swen Mass-Mailing Worm Carries Fake Microsoft Patch

Even as the industry awaited the breakout of a new Blaster-style worm and the G version of Sobig, a variation on another familiar piece of malware began making the rounds on Thursday. A virus based on the well-worn social engineering trick of making an e-mail look like it comes from Microsoft's support team started hitting user mailboxes.

Like previous viruses and worms based on the ruse, the e-mail arrives with an executable attachment that the virus authors try to pass off as a patch. This time, however, virus authors have gone to the trouble of designing a convincing HTML e-mail that resembles a Microsoft Web page. The HTML e-mail contains legitimate links to different Microsoft pages in addition to the nasty attachment.

Anti-virus vendors call the virus Swen (F-Secure), W32.Swen.A@mm (Symantec) or W32/Gibe-F (Sophos). Swen bears similarities to the Gibe.B worm discovered in February. Symantec upgraded its threat assessment for W32.Swen.A@mm to Level 3 on its severity scale Thursday evening due to an increasing volume of submissions.

The worm can arrive under a number of different subject lines, and the From address varies. Once a system is infected, Swen attempts to send itself to e-mail addresses, and also attempts to spread through file-sharing networks such as KaZaA and through IRC. It also attempts to kill anti-virus and personal firewall software running on the computer.

In response to similar worms in the past, Microsoft has said that it never sends security patches via e-mail.

The new virus comes at a time when IT organizations are on highest alert for new worms. Security experts expect that a worm exploiting the critical Windows security hole Microsoft patched earlier this month with MS03-039 will be released any day. Also, the highly damaging Sobig.F worm expired on Sept. 10, and a Sobig.G variant is expected to hit any day.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
