Beware of patches claiming to be from microsoft
19 September 2003, 05:09 PM
#1
Scooby Regular
Thread Starter
http://www.theregister.co.uk/content/56/32925.html
Nasty worm poses as MS security update
By John Leyden
Posted: 19/09/2003 at 08:03 GMT
Windows users were yesterday warned of the appearance of a worm that poses as a security update from Microsoft but actually causes all manner of mischief on infected PCs.
Swen-A (AKA Gibe-F) is a mass-mailing worm that also attempts to spread through file-sharing networks, such as KaZaA and IRC, and over local area network shares. The worm attempts to de-activate antivirus and personal firewall programs running on an infected computer.
AV vendors warn that the worm is spreading rapidly and that disinfection is difficult. As usual this is a Windows-only menace Linux, Macintosh, Microsoft OS/2 and Unix users are immune.
Swen-A uses a well known vulnerability in Internet Explorer to execute directly from e-mail. Windows users can also catch the pox by executing an infected email attachment.
Finnish AV firm F-Secure compares the worm to Gibe, and believes it is likely that the same author wrote both worms.
Swen-A (like Gibe and numerous other viruses before it) purports to be a security alert from Microsoft. This time around infectious messages come with a well-presented HTML message complete with graphics that are more likely to trip up the unwary.
The worm can also impersonate mail delivery failure notices, attaching itself as a randomly named executable.
Swen-A attempts to spread by emailing itself using its own SMTP client to addresses extracted from various sources on the victim's drives (e.g.MBX and DBX files). Periodically the worm presents users with a fake MAPI Exception error, prompting them to enter the details of their email account (name, user name, servers).
Sneaky.
Swen-A also makes modifications which make it hard to run Reg Edit,
along with other changes to infected PCs explained in advisories from F-Secure and Symantec.
Windows users are advised to update the virus signature files on their AV scanners to defend themselves against the worm, which is all very well but the reason the virus got a hold in the first place is probably because of the shortcomings of the scanner model.
You have been warned...
Windyboy
Nasty worm poses as MS security update
By John Leyden
Posted: 19/09/2003 at 08:03 GMT
Windows users were yesterday warned of the appearance of a worm that poses as a security update from Microsoft but actually causes all manner of mischief on infected PCs.
Swen-A (AKA Gibe-F) is a mass-mailing worm that also attempts to spread through file-sharing networks, such as KaZaA and IRC, and over local area network shares. The worm attempts to de-activate antivirus and personal firewall programs running on an infected computer.
AV vendors warn that the worm is spreading rapidly and that disinfection is difficult. As usual this is a Windows-only menace Linux, Macintosh, Microsoft OS/2 and Unix users are immune.
Swen-A uses a well known vulnerability in Internet Explorer to execute directly from e-mail. Windows users can also catch the pox by executing an infected email attachment.
Finnish AV firm F-Secure compares the worm to Gibe, and believes it is likely that the same author wrote both worms.
Swen-A (like Gibe and numerous other viruses before it) purports to be a security alert from Microsoft. This time around infectious messages come with a well-presented HTML message complete with graphics that are more likely to trip up the unwary.
The worm can also impersonate mail delivery failure notices, attaching itself as a randomly named executable.
Swen-A attempts to spread by emailing itself using its own SMTP client to addresses extracted from various sources on the victim's drives (e.g.MBX and DBX files). Periodically the worm presents users with a fake MAPI Exception error, prompting them to enter the details of their email account (name, user name, servers).
Sneaky.
Swen-A also makes modifications which make it hard to run Reg Edit,
along with other changes to infected PCs explained in advisories from F-Secure and Symantec.
Windows users are advised to update the virus signature files on their AV scanners to defend themselves against the worm, which is all very well but the reason the virus got a hold in the first place is probably because of the shortcomings of the scanner model.
You have been warned...
Windyboy
:
19 September 2003, 07:14 PM
#6
I NEVER open email from addresses i dont know.
BUT..... the other day i got one subject; Undelivered Message (or something similar)... Sender: MAILER-DAEMON.
I couldnt remember the exact senders details for a genuine returned email and clicked it
It was some advertising crap. But it DID catch me out.
BUT..... the other day i got one subject; Undelivered Message (or something similar)... Sender: MAILER-DAEMON.
I couldnt remember the exact senders details for a genuine returned email and clicked it
It was some advertising crap. But it DID catch me out.
Trending Topics
Thread
Thread Starter
Forum
Replies
Last Post
Mattybr5@MB Developments
Full Cars Breaking For Spares
38
17 July 2016 10:43 PM
Mattybr5@MB Developments
Full Cars Breaking For Spares
28
28 December 2015 11:07 PM
Mattybr5@MB Developments
Full Cars Breaking For Spares
12
18 November 2015 07:03 AM