Re: CRIME New worm swen

From: Jordan Gackowski (jgackowski@private)
Date: Fri Sep 19 2003 - 10:39:58 PDT

  • Next message: Kuo, Jimmy: "RE: CRIME Re: Funny way to deal with Nigerian Scammers [slightly off topic]"

    FYI - removal tool is now available.
    
    http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@private
    
    
    
    
    
    
    "Zot O'Connor" <zot@private> 
    Sent by: owner-crime@private
    09/19/2003 07:49 AM
    
    To
    CRIME List <crime@private>
    cc
    
    Subject
    CRIME New worm swen
    
    
    
    
    
    
    As I am ending the day I got a update in from Microsoft.
    
    It looks damn legit.  If I was not normally paranoid, and a bit
    surprised Microsoft would send me a patch, then I could have thought it
    legit.  Remember, I am *supposed* to be one of the clueful ones :)  I
    imagine a lot of users will click on this.  It seemed to escape the mail
    filter, but not the local file scanner.  A slight lag in virus
    updates......
    
    It is a virus.  Microsoft *never* emails updates.  The patch name was
    update93.exe.  I am not sure if that is consistent.
    
    The email header was "Subject: Current Internet Critical Patch"
    
    http://www.f-secure.com/v-descs/swen.shtml
    
    Has screen shots.
    
    http://news.zdnet.co.uk/internet/security/0,39020375,39116479,00.htm
    
    Swen' worm poses as security patch
    
    Matthew Broersma
    ZDNet UK
    September 18, 2003, 17:50 BST
     
    Antivirus experts fear a new Windows worm could fool many into
    installing it, because of its legitimate appearance
    
    Antivirus companies are warning of a new Windows worm that has the
    potential to spread quickly because it appears to be a legitimate
    security update from Microsoft. 
    
    
    
    
    
    -- 
    Zot O'Connor
    
    http://www.ZotConsulting.com
    http://www.WhiteKnightHackers.com
    
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Fri Sep 19 2003 - 11:25:50 PDT