Re: Was NT AUTHORITY SYSTEM now, for the moment, Swen worm rembered on its second anniversary

From: Pam (phfloresatverizondotnet)
Date: 09/17/05


Date: Fri, 16 Sep 2005 21:30:51 -0700

Phil: More fantastic info which I'm itching to read. By the way, your
Subject line was a "great explanation", for the wanderings of my mind in an
NT AUTHORITY SYSTEM thread subject line :) Hope the original poster doesn't
mind the side tracking. Totally forgot this is the 2 year anniversary for
Swen, just hope what's ever in store that would be similar to Swen doesn't
have a incredibly vast spread or worse consequences.

Thanks,

Pam
"Phil Weldon" <notdiscosed@example.com> wrote in message
news:u1MWe.12704$9i4.7197@newsread2.news.atl.earthlink.net...
> 'Pam' wrote, in part:
> | As annoying as this worm was, and it's
> | incredible proliferation abilities, the info you provided I find very
> | interesting!
> _____
>
> 'Tiscali', or some similar name was the identity of a mail server in Italy
> that continued to email notifications of 'infected email received' based
> on my email address used as a spoofed 'from' address. It wasn't a source
> of 'Swen'.
>
> I never had any hope of tracking down the orgin; I just hoped to gather
> some clues to its spread and where the final repositories of infection
> remained as it receeded.
>
> Below is a digest of Swen news items from September 25, 2003
>
> Phil Weldon
>
> Vietnam
> Ha Noi, Sept. 24 (VNA) -- Computer virus W32. Swen. A has afflicted more
> than 100 PCs in Viet Nam since it proliferated in the country on Saturday,
> Director of the Back Khoa Internetwork Security Centre (BKIS) Nguyen Tu
> Quang said on Tuesday.
>
> Asia
> The dominance of Microsoft in personal computer software leaves critical
> networks vulnerable to attacks from viruses and hackers, says a report by
> security experts.
>
> The report, released by a trade group backed by rivals of Microsoft,
> highlights longstanding concerns about the national security risks posed
> by the company's near-monopoly in personal computers.
>
> Channelnewsasia.com
> Asia
> Swen virus could infect millions more computers: expert
>
>
> The Swen computer virus has infected at least 200,000 computers worldwide
> and could spread to millions more on Monday when office workers return to
> their desks after the weekend, says an expert.
>
> Channelnewsasia.com
>
> USA
>
> Spread via e-mail, the "Swen" worm appears to do little damage, but
> experts say the unknown author's painstaking attempt to make it look like
> a real security bulletin from Microsoft shows a level of trickery new to
> Internet virus and worm attacks.
> "This is a level of creativity we've not seen before," said Tony
> Magallanez, a San Jose, Calif.-based systems engineer for F-Secure, a
> Finnish anti-virus company. "This is a very authentic looking message that
> definitely uses some sophisticated social engineering tactics."
> Biznews.com
> South Africa
> Quick action taken by TelkomInternet has saved its users from a major
> virus onslaught, after a new virus -- W32.Swen.A -- appeared last Thursday
> and started ramping up even faster than the sobig.f and blaster worms, the
> telecommunications group disclosed on Tuesday.
>
> The W32.Swen.A virus is a variant of Worm.Gibe.F, and is blocked by the
> TelkomInternet scanner that thwarted more than 5 000 instances on Sunday
> alone. The virus masquerades as a Microsoft security patch, sets up a mail
> server on the recipient's system, asks for the email account details and
> password, and then starts to spam the world.
>
> The load caused by this virus has trebled the number of incoming mail
> connections to the TelkomInternet servers, causing mail delivery to slow
> down.
> Mail & Guardian,
> Johannesburg
> Ireland
> The Irish Times reports that thousands of Indigo.ie e-mail account holders
> experienced lengthy delays to their e-mail services Tuesday following the
> spread of a computer worm called Swen. The worm, which by Tuesday night
> had infected 1.5 million computers worldwide, is disguised as a legitimate
> e-mail from Microsoft promising a software patch. But the e-mail
> automatically executes an attachment that infects a computer users'
> machine and also tries to steal e-mail account data.
> Electricnews.net
>
> USA
> Another Worm Is Crawling Cyberspace
> SEATTLE - If you have been noticing some new irritating e-mail in your
> inbox today, you're not alone. Yet another new worm is crawling around the
> Internet.
> Kokomo1000 News
>
>
>
>
>



Relevant Pages

  • Re: Watch out for this
    ... The 'swen' worm and its effects, ... there is not much you can do to stop the flood. ... e-mail for virus infection. ... You can use a remote virus scan from one of the antivirus program ...
    (microsoft.public.security.virus)
  • MS-DOS 3.3 to WinXP SP2 - Never had a virus, until tonight.
    ... and never before have I had a virus infection. ... When I searched for 'online virus scanner' in Google/NineMSN/Yahoo, Internet ... Description:General Windows Security Issue. ... POSSIBLE SOURCES OF INFECTION: ...
    (microsoft.public.security.virus)
  • Re: MS-DOS 3.3 to WinXP SP2 - Never had a virus, until tonight.
    ... Please go to one or more of the below online scanners and perform a scan of your platform ... and never before have I had a virus infection. ... | Description:General Windows Security Issue. ...
    (microsoft.public.security.virus)
  • Re: Microsoft updates - possible virus?
    ... This worm has two main effects, ... the hotlinks in this message are valid Microsoft links, ... You can install all appropriate Microsoft security patches and Service ... you can proof your system against infection, ...
    (microsoft.public.security.virus)
  • Re: Email from Microsoft is it a fraud
    ... Director of the Back Khoa Internetwork Security Centre Nguyen Tu ... security bulletin from Microsoft shows a level of trickery new to Internet ... Quick action taken by TelkomInternet has saved its users from a major virus ... spread of a computer worm called Swen. ...
    (microsoft.public.security.virus)