Re: Mascarade Email from "Microsoft" : W32.Swen.A@mm attached !

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/15/04


Date: Sat, 14 Feb 2004 18:23:04 -0500

Swen is "news" spelled backwards. The reason it is called this is because the Swen worm
harvests email addresses from UseNet News Groups. It has an engine that allows it to post
itself to UseNet News Groups, and it also has its own email engine. From the list of
email addresses that it has harvested, it will then email itself to those addresses.

W32/Swen@MM - http://vil.nai.com/vil/content/v_100662.htm

W32.Swen.A@mm - http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

There are several Internet worms that masquerade as patches from Microsoft. The most common
are Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft are fully aware of this
problem.

All you can do is...

1. Keep your AV package up-to-date.
2. Create email "rules" to auto-delete the offending messages.
3. Petition your ISP to install AV software on their respective email servers.
4. Install *all* MS Critical Updates via the Windows Update web site.
5. Always munge your email address when posting to UseNet.
6. If all else fails, change your email address.

Dave

"Jacques Laporte" <anonymous@discussions.microsoft.com> wrote in message
news:EE1B7242-ED8B-4FE0-B7B0-FE58F20F2343@microsoft.com...
| I received an email from "Microsoft Corporation Technical Services Microsoft Corporation
| Technical Services", with all the MS graphical environment (same colors, same logos). It
| says :
|
| "Microsoft Customer
|
| this is the latest version of security update, the "February 2004, Cumulative Patch"
| update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS
| Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install
| now to protect your computer from these vulnerabilities, the most serious of which could
| allow an malicious user to run executable on your system. This update includes the
| functionality of all previously released patches.
| "
|
| Norton blocked it !
| Got a W32.Swen.A@mm attached.
| Safe world !
| Jacques
| comes from mps2.plala.or.jp (c145240.vh.plala.or.jp [210.150.145.240])
|
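
Item 2 in the list above (email "rules" to auto-delete the offending messages) can be expressed as a small filter. This is an added example, not part of the original post: the function names, the extension list and the sample messages are assumptions constructed for illustration, and the rule keys on the two traits described in the thread, Microsoft branding plus an attached executable.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: extensions treated as executable (the post does not name the file type).
EXEC_EXT = (".exe", ".scr", ".pif", ".bat", ".com", ".cmd")

def claims_microsoft(msg):
    """True if the From display name or the Subject presents the mail as Microsoft's."""
    return "microsoft" in f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()

def executable_attachments(msg):
    """File names of all MIME parts whose name ends in an EXEC_EXT extension."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXEC_EXT):
            names.append(name)
    return names

def should_delete(raw):
    """The rule: Microsoft branding AND an executable attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return claims_microsoft(msg) and bool(executable_attachments(msg))

def build_sample(sender, subject, filename=None):
    """Build a constructed message for testing the rule (not a captured sample)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("constructed body text")
    if filename:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

FAKE_PATCH = build_sample('"Microsoft Corporation Technical Services" <a@example.invalid>',
                          "February 2004, Cumulative Patch", "patch.exe")
NEWSLETTER = build_sample('"Microsoft News" <b@example.invalid>', "Monthly bulletin")
COLLEAGUE = build_sample('"Pat" <c@example.invalid>', "build output", "tool.exe")

if __name__ == "__main__":
    for label, raw in (("fake patch", FAKE_PATCH), ("newsletter", NEWSLETTER),
                       ("colleague", COLLEAGUE)):
        print(label, "->", "delete" if should_delete(raw) else "keep")
```

Requiring both conditions keeps the rule from discarding attachment-free mail that merely mentions Microsoft, and from discarding executables sent under other names.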


