Was NT AUTHORITY SYSTEM now, for the moment, Swen worm remembered on its second anniversary

From: Phil Weldon (notdiscosed_at_example.com)
Date: 09/17/05

Date: Sat, 17 Sep 2005 03:26:18 GMT

'Pam' wrote, in part:
| As annoying as this worm was, and its
| incredible proliferation abilities, the info you provided I find very
| interesting!

'Tiscali', or some similar name, was the identity of a mail server in Italy
that continued to email notifications of 'infected email received' based on
my email address used as a spoofed 'from' address. It wasn't a source of

I never had any hope of tracking down the origin; I just hoped to gather some
clues to its spread and where the final repositories of infection remained
as it receded.

Below is a digest of Swen news items from September 25, 2003

Phil Weldon

Ha Noi, Sept. 24 (VNA) -- Computer virus W32.Swen.A has afflicted more
than 100 PCs in Viet Nam since it proliferated in the country on Saturday,
Director of the Bach Khoa Internetwork Security Centre (BKIS) Nguyen Tu
Quang said on Tuesday.

The dominance of Microsoft in personal computer software leaves critical
networks vulnerable to attacks from viruses and hackers, says a report by
security experts.

The report, released by a trade group backed by rivals of Microsoft,
highlights longstanding concerns about the national security risks posed by
the company's near-monopoly in personal computers.

Swen virus could infect millions more computers: expert

The Swen computer virus has infected at least 200,000 computers worldwide
and could spread to millions more on Monday when office workers return to
their desks after the weekend, says an expert.



Spread via e-mail, the "Swen" worm appears to do little damage, but experts
say the unknown author's painstaking attempt to make it look like a real
security bulletin from Microsoft shows a level of trickery new to Internet
virus and worm attacks.

"This is a level of creativity we've not seen before," said Tony Magallanez,
a San Jose, Calif.-based systems engineer for F-Secure, a Finnish anti-virus
company. "This is a very authentic looking message that definitely uses some
sophisticated social engineering tactics."

South Africa
Quick action taken by TelkomInternet has saved its users from a major virus
onslaught, after a new virus -- W32.Swen.A -- appeared last Thursday and
started ramping up even faster than the sobig.f and blaster worms, the
telecommunications group disclosed on Tuesday.

The W32.Swen.A virus is a variant of Worm.Gibe.F, and is blocked by the
TelkomInternet scanner that thwarted more than 5 000 instances on Sunday
alone. The virus masquerades as a Microsoft security patch, sets up a mail
server on the recipient's system, asks for the email account details and
password, and then starts to spam the world.

The load caused by this virus has trebled the number of incoming mail
connections to the TelkomInternet servers, causing mail delivery to slow
Mail & Guardian,

The Irish Times reports that thousands of Indigo.ie e-mail account holders
experienced lengthy delays to their e-mail services Tuesday following the
spread of a computer worm called Swen. The worm, which by Tuesday night had
infected 1.5 million computers worldwide, is disguised as a legitimate
e-mail from Microsoft promising a software patch. But the e-mail
automatically executes an attachment that infects a computer user's machine
and also tries to steal e-mail account data.

Another Worm Is Crawling Cyberspace
SEATTLE - If you have been noticing some new irritating e-mail in your inbox
today, you're not alone. Yet another new worm is crawling around the
Kokomo1000 News