Was NT AUTHORITY SYSTEM now, for the moment, Swen worm rembered on its second anniversary

From: Phil Weldon (notdiscosed_at_example.com)
Date: 09/17/05


Date: Sat, 17 Sep 2005 03:26:18 GMT


'Pam' wrote, in part:
| As annoying as this worm was, and it's
| incredible proliferation abilities, the info you provided I find very
| interesting!
_____

'Tiscali', or some similar name was the identity of a mail server in Italy
that continued to email notifications of 'infected email received' based on
my email address used as a spoofed 'from' address. It wasn't a source of
'Swen'.

I never had any hope of tracking down the orgin; I just hoped to gather some
clues to its spread and where the final repositories of infection remained
as it receeded.

Below is a digest of Swen news items from September 25, 2003

Phil Weldon

Vietnam
Ha Noi, Sept. 24 (VNA) -- Computer virus W32. Swen. A has afflicted more
than 100 PCs in Viet Nam since it proliferated in the country on Saturday,
Director of the Back Khoa Internetwork Security Centre (BKIS) Nguyen Tu
Quang said on Tuesday.

Asia
The dominance of Microsoft in personal computer software leaves critical
networks vulnerable to attacks from viruses and hackers, says a report by
security experts.

The report, released by a trade group backed by rivals of Microsoft,
highlights longstanding concerns about the national security risks posed by
the company's near-monopoly in personal computers.

                              Channelnewsasia.com
Asia
Swen virus could infect millions more computers: expert

The Swen computer virus has infected at least 200,000 computers worldwide
and could spread to millions more on Monday when office workers return to
their desks after the weekend, says an expert.

                               Channelnewsasia.com

USA

Spread via e-mail, the "Swen" worm appears to do little damage, but experts
say the unknown author's painstaking attempt to make it look like a real
security bulletin from Microsoft shows a level of trickery new to Internet
virus and worm attacks.
"This is a level of creativity we've not seen before," said Tony Magallanez,
a San Jose, Calif.-based systems engineer for F-Secure, a Finnish anti-virus
company. "This is a very authentic looking message that definitely uses some
sophisticated social engineering tactics."
                                Biznews.com
South Africa
Quick action taken by TelkomInternet has saved its users from a major virus
onslaught, after a new virus -- W32.Swen.A -- appeared last Thursday and
started ramping up even faster than the sobig.f and blaster worms, the
telecommunications group disclosed on Tuesday.

The W32.Swen.A virus is a variant of Worm.Gibe.F, and is blocked by the
TelkomInternet scanner that thwarted more than 5 000 instances on Sunday
alone. The virus masquerades as a Microsoft security patch, sets up a mail
server on the recipient's system, asks for the email account details and
password, and then starts to spam the world.

The load caused by this virus has trebled the number of incoming mail
connections to the TelkomInternet servers, causing mail delivery to slow
down.
                                                          Mail & Guardian,
Johannesburg
Ireland
The Irish Times reports that thousands of Indigo.ie e-mail account holders
experienced lengthy delays to their e-mail services Tuesday following the
spread of a computer worm called Swen. The worm, which by Tuesday night had
infected 1.5 million computers worldwide, is disguised as a legitimate
e-mail from Microsoft promising a software patch. But the e-mail
automatically executes an attachment that infects a computer users' machine
and also tries to steal e-mail account data.
                                                 Electricnews.net

USA
Another Worm Is Crawling Cyberspace
SEATTLE - If you have been noticing some new irritating e-mail in your inbox
today, you're not alone. Yet another new worm is crawling around the
Internet.
Kokomo1000 News



Relevant Pages

  • Re: Having Hotmail problems? Please read.
    ... PSS Security Response Team Alert - New Worm: ... Microsoft Outlook, Microsoft Outlook Express, and ... you can prevent against infection by Mydoom.C ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: DBXtend extracted attachment query
    ... >messages from a folder, one of the extracted attachments has ... Symantec information about the virus to a colleague. ... VBS.KakWorm spreads using Microsoft Outlook Express. ... If you have a patched version of Outlook Express, this worm will ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Email from Microsoft is it a fraud
    ... Director of the Back Khoa Internetwork Security Centre Nguyen Tu ... security bulletin from Microsoft shows a level of trickery new to Internet ... Quick action taken by TelkomInternet has saved its users from a major virus ... spread of a computer worm called Swen. ...
    (microsoft.public.security.virus)
  • Re: W32.swem.A@MM
    ... The 'swen' worm and its effects, ... there is not much you can do to stop the flood. ... e-mail for virus infection. ... the hotlinks in this message are valid Microsoft links, ...
    (microsoft.public.security.virus)
  • Re: Was NT AUTHORITY SYSTEM now, for the moment, Swen worm rembered on its second anniversary
    ... > some clues to its spread and where the final repositories of infection ... > Director of the Back Khoa Internetwork Security Centre Nguyen Tu ... > The Swen computer virus has infected at least 200,000 computers worldwide ... > Internet virus and worm attacks. ...
    (microsoft.public.security.virus)