Re: CRIME New worm swen

From: Mike Cuciti (mcuciti@private)
Date: Fri Sep 19 2003 - 08:53:37 PDT

  • Next message: George Heuston: "CRIME FW: NYS OCSCIC-Cyber Advisory: Swen (aka Gibe) worm poses asofficial patch from Microsoft - Risk: Low/"

    This is a bad one. I've gotten over 30 messages containing this virus.
    Luckily my Internet e-mail provider has stopped all of them from infecting
    my systems.
    
    So far it has been attached to subject lines:
    
    Abort Announcement
    New Internet Pack (Microsoft)
    Last Pack (Microsoft)
    New Net Update (Microsoft) - This looks very real, even cvame in HTML format
    with links!
    
    and the Beat goes on...
    
    Good luck.
    
    Mike Cuciti
    CBM Computer Solutions
    
    ----- Original Message ----- 
    From: "Zot O'Connor" <zot@private>
    To: "CRIME List" <crime@private>
    Sent: Friday, September 19, 2003 7:49 AM
    Subject: CRIME New worm swen
    
    
    > As I am ending the day I got a update in from Microsoft.
    >
    > It looks damn legit.  If I was not normally paranoid, and a bit
    > surprised Microsoft would send me a patch, then I could have thought it
    > legit.  Remember, I am *supposed* to be one of the clueful ones :)  I
    > imagine a lot of users will click on this.  It seemed to escape the mail
    > filter, but not the local file scanner.  A slight lag in virus
    > updates......
    >
    > It is a virus.  Microsoft *never* emails updates.  The patch name was
    > update93.exe.  I am not sure if that is consistent.
    >
    > The email header was "Subject: Current Internet Critical Patch"
    >
    > http://www.f-secure.com/v-descs/swen.shtml
    >
    > Has screen shots.
    >
    > http://news.zdnet.co.uk/internet/security/0,39020375,39116479,00.htm
    >
    > Swen' worm poses as security patch
    >
    > Matthew Broersma
    > ZDNet UK
    > September 18, 2003, 17:50 BST
    >
    > Antivirus experts fear a new Windows worm could fool many into
    > installing it, because of its legitimate appearance
    >
    > Antivirus companies are warning of a new Windows worm that has the
    > potential to spread quickly because it appears to be a legitimate
    > security update from Microsoft.
    >
    >
    >
    >
    >
    > -- 
    > Zot O'Connor
    >
    > http://www.ZotConsulting.com
    > http://www.WhiteKnightHackers.com
    >
    >
    



    This archive was generated by hypermail 2b30 : Fri Sep 19 2003 - 09:30:39 PDT