This is a bad one. I've gotten over 30 messages containing this virus. Luckily my Internet e-mail provider has stopped all of them from infecting my systems. So far it has been attached to subject lines: Abort Announcement New Internet Pack (Microsoft) Last Pack (Microsoft) New Net Update (Microsoft) - This looks very real, even cvame in HTML format with links! and the Beat goes on... Good luck. Mike Cuciti CBM Computer Solutions ----- Original Message ----- From: "Zot O'Connor" <zot@private> To: "CRIME List" <crime@private> Sent: Friday, September 19, 2003 7:49 AM Subject: CRIME New worm swen > As I am ending the day I got a update in from Microsoft. > > It looks damn legit. If I was not normally paranoid, and a bit > surprised Microsoft would send me a patch, then I could have thought it > legit. Remember, I am *supposed* to be one of the clueful ones :) I > imagine a lot of users will click on this. It seemed to escape the mail > filter, but not the local file scanner. A slight lag in virus > updates...... > > It is a virus. Microsoft *never* emails updates. The patch name was > update93.exe. I am not sure if that is consistent. > > The email header was "Subject: Current Internet Critical Patch" > > http://www.f-secure.com/v-descs/swen.shtml > > Has screen shots. > > http://news.zdnet.co.uk/internet/security/0,39020375,39116479,00.htm > > Swen' worm poses as security patch > > Matthew Broersma > ZDNet UK > September 18, 2003, 17:50 BST > > Antivirus experts fear a new Windows worm could fool many into > installing it, because of its legitimate appearance > > Antivirus companies are warning of a new Windows worm that has the > potential to spread quickly because it appears to be a legitimate > security update from Microsoft. > > > > > > -- > Zot O'Connor > > http://www.ZotConsulting.com > http://www.WhiteKnightHackers.com > >
This archive was generated by hypermail 2b30 : Fri Sep 19 2003 - 09:30:39 PDT