Virus Warning- Swen

[Guest guest]

|| Jaya

Jagannath ||

Dear Jyotisha,

 

This information might

save some comps. For those who are not affected, I apologize for flooding the

mailbox.

 

Best Wishes

Sarajit

 

------

News Story

New Worm Targets File-Sharing Nets

 

 

 

 

Thu Sep 18, 6:00 PM

ET

 

 

 

 

 

 

 

Paul Roberts, IDG News Service

Antivirus

companies are warning Internet users about W32.Swen, a new worm that spreads

using e-mail messages, vulnerable network connections, Internet Relay Chat

(IRC), and peer-to-peer networks.

F-Secure,

Network Associates, and Symantec all have issued warnings about Swen, indicating that the worm is spreading on the

Internet. Customers are being advised to update their antivirus definitions to

detect and nullify Swen.

Finding

a Flaw

First

detected on Thursday, Swen exploits a security hole

in Microsoft's Internet Explorer Web browser. It affects all supported versions

of the Windows operating system, according to security products vendor F-Secure

of Helsinki.

The

worm poses as a software security update from Microsoft. Its message prompts

users with " Yes " or " No " buttons to agree to install the

update, and even provides an installation " progress " bar if they do

agree.

However,

the worm code is installed regardless of what users select. Once it has

infected a system, Swen alters the configuration of

Windows so the worm is launched whenever Windows is started. The worm also

detects and disables antivirus software or other Windows features that could be

used to disable it, according to F-Secure.

Like

other mass mailing worms, Swen scans an infected

machine's hard drive for e-mail addresses and uses those to send out more

copies of itself, skimming SMTP server addresses and

user names from Windows.

Infected

e-mail messages are formatted to look like official correspondence from

Microsoft. The messages appear to come from one of a variety of randomly

generated senders like " MS Technical Assistance " and advertise a

" cumulative patch " for Internet Explorer to patch " three newly

discovered vulnerabilities, " F-Secure says.

Other

Routes

The

worm also can detect the presence of IRC clients or the Kazaa

peer-to-peer file-sharing client application, and then distribute itself on

those networks. Swen places a specialized script file

that sends a virus file to every computer on the same IRC channel as the

infected computer.

For

machines running Kazaa file-sharing software, Swen enables the file-sharing feature, if it is not already

enabled. It places multiple copies of itself in the Kazaa

shared files folder, disguised as Kazaa client

software, pirated software, or other popular applications, F-Secure says.

More

than one antivirus company notes the similarity between Swen

and an earlier worm, W32.Gibe, which appeared in March. Like Swen, Gibe also attempted to spread by e-mail as well as Kazaa and IRC networks, while posing as a piece of

legitimate Microsoft software when installed.