Virus Posing As Microsoft E-Mail Spreads Fast - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Virus Posing As Microsoft E-Mail Spreads Fast

Swen, a blended-threat worm, has accounted for more than 35,000 interceptions, according to E-mail filtering firm MessageLabs.

Less than 24 hours after first being detected, the Swen blended-threat worm picked up steam Friday, gained a foothold in the United States and the United Kingdom, and accounted for more than 35,000 interceptions by E-mail filtering firm MessageLabs.

Swen, also called W32/[email protected], Gibe, and W32/Gibe-F, masquerades as E-mail from Microsoft and purports to carry a security update as its file attachment. The worm can also propagate over Internet Relay Chat and peer-to-peer files sharing networks such as Kazaa, as well as over network shares within the firewall if a machine inside a company is infected.

"It is highly effective in spreading because it looks very official and masquerades as a legitimate E-mail from Microsoft or as a fix tool for a well-known virus," said Ken Dunham, an analyst with security firm iDefense.

Most security firms reacted to the fast-spreading worm by boosting their threat levels. Symantec, for instance, increased its ranking for Swen from a "2" to a "3" on its 1-through-5 scale, while Network Associates revised its rating from "low" to "medium."

MessageLabs, a U.K.-based message filtering company, said it has detected more than 35,000 instances of the worm, which now leads all other viruses and worms in the wild.

After additional analysis, iDefense's Dunham called the new worm "eerily similar to Sobig," the worm that clogged in-boxes last month.

Not only does Swen attempt to steal confidential information from an infected computer--leading in the most dire situation to theft of E-mail and other computer account data--but it also communicates with 230 remote IP addresses, as well as to a remote Web site to track infections.

So far, the reasons why the worm communicates with the 200-some other computers isn't known.

Swen also presents problems for users who haven't deployed a 2-1/2-year-old patch for vulnerability in Internet Explorer 5.01 (but not 5.01 with SP2 installed) and IE 5.5. The vulnerability stems from a flaw in how IE handles MIME types in HTML-based E-mail. Windows systems still vulnerable to this flaw are especially at risk, since Swen exploits the security gaffe to automatically, without user intervention, execute the worm. Users who haven't rolled out this patch should do so immediately.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll