Re: Was NT AUTHORITY SYSTEM now, for the moment, Swen worm remembered on its second anniversary
From: Pam (phfloresatverizondotnet)
Date: Fri, 16 Sep 2005 21:30:51 -0700
Phil: More fantastic info which I'm itching to read. By the way, your
Subject line was a "great explanation", for the wanderings of my mind in an
NT AUTHORITY SYSTEM thread subject line :) Hope the original poster doesn't
mind the side tracking. Totally forgot this is the 2 year anniversary for
Swen, just hope whatever's in store that would be similar to Swen doesn't
have an incredibly vast spread or worse consequences.
"Phil Weldon" <firstname.lastname@example.org> wrote in message
> 'Pam' wrote, in part:
> | As annoying as this worm was, and its
> | incredible proliferation abilities, the info you provided I find very
> | interesting!
> 'Tiscali', or some similar name was the identity of a mail server in Italy
> that continued to email notifications of 'infected email received' based
> on my email address used as a spoofed 'from' address. It wasn't a source
> of 'Swen'.
> I never had any hope of tracking down the origin; I just hoped to gather
> some clues to its spread and where the final repositories of infection
> remained as it receded.
> Below is a digest of Swen news items from September 25, 2003
> Phil Weldon
> Ha Noi, Sept. 24 (VNA) -- Computer virus W32.Swen.A has afflicted more
> than 100 PCs in Viet Nam since it proliferated in the country on Saturday,
> Director of the Bach Khoa Internetwork Security Centre (BKIS) Nguyen Tu
> Quang said on Tuesday.
> The dominance of Microsoft in personal computer software leaves critical
> networks vulnerable to attacks from viruses and hackers, says a report by
> security experts.
> The report, released by a trade group backed by rivals of Microsoft,
> highlights longstanding concerns about the national security risks posed
> by the company's near-monopoly in personal computers.
> Swen virus could infect millions more computers: expert
> The Swen computer virus has infected at least 200,000 computers worldwide
> and could spread to millions more on Monday when office workers return to
> their desks after the weekend, says an expert.
> Spread via e-mail, the "Swen" worm appears to do little damage, but
> experts say the unknown author's painstaking attempt to make it look like
> a real security bulletin from Microsoft shows a level of trickery new to
> Internet virus and worm attacks.
> "This is a level of creativity we've not seen before," said Tony
> Magallanez, a San Jose, Calif.-based systems engineer for F-Secure, a
> Finnish anti-virus company. "This is a very authentic looking message that
> definitely uses some sophisticated social engineering tactics."
> South Africa
> Quick action taken by TelkomInternet has saved its users from a major
> virus onslaught, after a new virus -- W32.Swen.A -- appeared last Thursday
> and started ramping up even faster than the sobig.f and blaster worms, the
> telecommunications group disclosed on Tuesday.
> The W32.Swen.A virus is a variant of Worm.Gibe.F, and is blocked by the
> TelkomInternet scanner that thwarted more than 5 000 instances on Sunday
> alone. The virus masquerades as a Microsoft security patch, sets up a mail
> server on the recipient's system, asks for the email account details and
> password, and then starts to spam the world.
> The load caused by this virus has trebled the number of incoming mail
> connections to the TelkomInternet servers, causing mail delivery to slow
> Mail & Guardian,
> The Irish Times reports that thousands of Indigo.ie e-mail account holders
> experienced lengthy delays to their e-mail services Tuesday following the
> spread of a computer worm called Swen. The worm, which by Tuesday night
> had infected 1.5 million computers worldwide, is disguised as a legitimate
> e-mail from Microsoft promising a software patch. But the e-mail
> automatically executes an attachment that infects a computer user's
> machine and also tries to steal e-mail account data.
> Another Worm Is Crawling Cyberspace
> SEATTLE - If you have been noticing some new irritating e-mail in your
> inbox today, you're not alone. Yet another new worm is crawling around the
> Kokomo1000 News