Re: Unwanted email messages

From: Larry Samuels MS-MVP XP \(Shell/User\) (larry_at_mvps.org)
Date: 09/20/03


Date: Sat, 20 Sep 2003 01:11:44 -0400


Hi Carolyn,
You are not infected--your email address has been harvested from other users
and from the newsgroups for attack by infected pcs.

The two worms mentioned are the same.

-- 
Larry Samuels MS-MVP  (Windows-Shell/User)
Associate Expert
Unofficial FAQ for Windows Server 2003 at
http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
Expert Zone - www.microsoft.com/windowsxp/expertzone
"Carolyn" <canels@bellsouth.net> wrote in message
news:0c8a01c37f34$4357a470$a101280a@phx.gbl...
> I had norton check my system and it did not find this
> virus. Is there a difference between the w32.Swen.A@mm
> and the W32/Swen@mm?
>
> >-----Original Message-----
> >This is a worm W32/Swen@MM
> >It doesn't matter what OS you are running--you would
> still be receiving the
> >emails from infected pcs.
> >
> >PSS Security Response Team Alert - New E-Mail Worm:
> W32/Swen@MM
> >
> >SEVERITY: MODERATE
> >DATE: September 18, 2003
> >PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook
> Express, and
> >Web-based e-mail
> >
> >*********************************************************
> *************
> >
> >WHAT IS IT?
> >W32/Swen@MM spreads via e-mail and network shares.  The
> Microsoft
> >Product Support Services Security Team is issuing this
> alert to advise
> >customers to be on the alert for this virus as it
> spreads in the wild.
> >Customers are advised to review the information and take
> the appropriate
> >action for their environments.
> >
> >IMPACT OF ATTACK: Mass Mailing, disabling processes
> related to security
> >software such as antivirus and firewall software
> >
> >TECHNICAL DETAILS:
> >For additional details on this worm from anti-virus
> software vendors
> >participating in the Microsoft Virus Information
> Alliance (VIA) please
> >visit the following links:
> >
> >Network Associates:
> >
> >http://vil.nai.com/vil/content/v_100662.htm
> >
> >Trend Micro:
> >
> >http://www.trendmicro.com/vinfo/virusencyclo/default5.asp
> ?VName=WORM_SWE
> >N.A
> >
> >Symantec
> >
> >http://securityresponse.symantec.com/avcenter/venc/data/w
> 32.swen.a@mm.ht
> >ml
> >
> >Computer Associates:
> >
> >http://www3.ca.com/virusinfo/virus.aspx?ID=36939
> >
> >For more information on Microsoft's Virus Information
> Alliance please
> >visit this link:
> http://www.microsoft.com/technet/security/virus/via.asp
> >
> >
> >Please contact your Antivirus Vendor for additional
> details on this
> >virus.
> >
> >
> >PREVENTION:
> >
> >1. This worm is exploiting a previously patched
> vulnerability.  The
> >vulnerability exploited is related to the following
> Microsoft Security
> >Bulletin:
> >http://www.microsoft.com/technet/security/bulletin/ms01-
> 020.asp
> >
> >As always, customers are advised to install the latest
> security patch
> >for Internet Explorer.  Information on the latest
> cumulative security
> >patch for
> >Internet Explorer can be found here:
> >http://www.microsoft.com/technet/security/bulletin/MS03-
> 032.asp
> >
> >2. Outlook 2000 post SP2 and Outlook XP SP1 include the
> most recent
> >updates to improve the security in Outlook and other
> Office programs.
> >This includes the functionality to block potentially
> harmful attachment
> >types. If you are running either of these versions, they
> will (by
> >default) block the attachment, and you will be unable to
> open it.
> >
> >To ensure you are using the latest version of Office
> click here:
> >http://office.microsoft.com/ProductUpdates/default.aspx
> >
> >By default, Outlook 2000 pre SR1 and Outlook 98 did not
> include this
> >functionality, but it can be obtained by installing the
> Outlook E-mail
> >Security Update. More information about the Outlook E-
> mail Security
> >Update can be found here:
> >
> >http://office.microsoft.com/Downloads/2000/Out2ksec.aspx
> >
> >Outlook Express 6 can be configured to block access to
> >potentially-damaging attachments. Information about how
> to configure
> >this can be found here:
> >
> >http://support.microsoft.com/default.aspx?scid=kb;en-
> us;Q291387
> >
> >Outlook Express all other versions: Previous versions of
> Outlook Express
> >do not contain attachment-blocking functionality. Please
> exercise
> >extreme caution when opening unsolicited e-mail messages
> with
> >attachments.
> >
> >Web-based e-mail programs: Use of a program-level
> firewall can protect
> >you from being infected with this virus through Web-
> based e-mail
> >programs.
> >
> >RECOVERY:
> >If your computer has been infected with this virus,
> please contact your
> >preferred antivirus vendor or Microsoft Product Support
> Services for
> >assistance with removing it.
> >
> >TECHNET SECURITY LINK:
> >http://www.microsoft.com/technet/security/virus/alerts/sw
> en.asp
> >
> >As always please make sure to use the latest Anti-Virus
> detection from
> >your Anti-Virus vendor to detect new viruses and their
> variants.
> >
> >If you have any questions regarding this alert please
> contact your
> >Microsoft representative or 1-866-727-2338 (1-866-
> PCSafety) within the
> >US, outside of the US please contact your local
> Microsoft Subsidiary.
> >Support for virus related issues can also be obtained
> from the Microsoft
> >Virus Support Newsgroup which can be located by clicking
> on the
> >following link
> >news://msnews.microsoft.com/microsoft.public.security.vir
> us.
> >
> >PSS Security Response Team
> >
> >-- 
> >Larry Samuels MS-MVP  (Windows-Shell/User)
> >Associate Expert
> >Unofficial FAQ for Windows Server 2003 at
> >http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
> >Expert Zone - www.microsoft.com/windowsxp/expertzone
> >
> >"Carolyn" <canels@bellsouth.net> wrote in message
> >news:0c1701c37f28$d16b5ec0$a101280a@phx.gbl...
> >> I installed windows XP Professional Upgrade on my
> >> computer two days ago. Ever since the upgrade was
> >> installed I am getting a minimum 70 emails in mu
> Outlook
> >> inbox referring to Microsoft Security and Patches. I
> have
> >> not opened any. After reach incident, I would delete
> the
> >> files and empty my recycle and delete folder, and run
> >> Norton with the live update. when I go back to the
> inbox,
> >> I am once again flooded with another round of
> junk/virus
> >> emails. Norton quarentines each because it cannot be
> >> repaired. Norton list the virus name
> >> as "Worm.automat.AHB" This is really getting on my last
> >> nerve because it is interrupting my business process. I
> >> went to Norton's website and Microsoft website,
> >> downloaded the patches and the problem still exist!
> What
> >> do I need to do. This problem didn't start until I
> >> upgraded to what I was told was a more secure OS?
> >
> >
> >.
> >