W32.Swen.A@mm worm

Posted by Nate on May 4, 2006, 12:21 am
Just a warning that the e-mail circulating about a "Microsoft Update" that is
clearly from a spoofed email contains this virus.
The subject header is "Current Net Patch"

The file contained is Install.exe (104k)





X-Originating-IP:         [193.252.22.25]

Authentication-Results:        mta251.mail.re2.yahoo.com domainkeys=fail (bad syntax)
Received:        from 193.252.22.25 (EHLO smtp6.wanadoo.fr) (193.252.22.25) by
mta251.mail.re2.yahoo.com with SMTP; Tue, 02 May 2006 02:12:26 -0700
Received:        from smtp6.wanadoo.fr (mwinf0603 [172.22.137.25]) by
mwinf0610.wanadoo.fr (SMTP Server) with ESMTP id 88AA980481A for
Received:        from me-wanadoo.net (localhost [127.0.0.1]) by
mwinf0603.wanadoo.fr (SMTP Server) with ESMTP id CE8121C00232 for
Received:        from veouybe (Mix-Clermont-F-103-1-134.w193-250.abo.wanadoo.fr
[193.250.93.134]) by mwinf0603.wanadoo.fr (SMTP Server) with SMTP id
4C1F01C0023B; Tue, 2 May 2006 11:11:50 +0200 (CEST)

Posted by bry on May 4, 2006, 4:30 am
I think I got the same email last week.

After a few moments of thought and a peek at the address on the email,
that led me to believe it was phony.

The body of the message is official looking enough,
but MS isn't going to do any door to door warning, now or in the
future.

Now I feel a bit smarter.

But wait a minute or two and I'll do something dumb again, later to my
computer.


Posted by Panda_man on May 4, 2006, 7:25 am
My reply is at the bottom of your message :


"bry" wrote:

> The body of the message is official looking enough,
> but MS isn't going to do any door to door warning, now or in the
> future.
>


This is the only thing that can protect you - your knowledge. Yes,
Microsoft NEVER sends such emails, especially mails that contain
attachments ;-)


Panda_man
--
Bronze level Contributor
http://pandaman.my.contact.bg
http://www.eset.com
Please , rate posts

Posted by David H. Lipman on May 4, 2006, 7:58 am

| Just a warning that the e-mail circulating about a "Microsoft Update" that is
| clearly from a spoofed email contains this virus.
| The subject header is "Current Net Patch"

| The file contained is Install.exe (104k)

< snip>

If you post to UseNet with your TRUE, not a munged, email address then you have
invited the Swen Internet worm [aka W32/Gibe-F] to visit you.

The Swen is news spelled backwards. The reason it is called this is because the
Swen worm harvests email addresses from UseNet News Groups. It has an engine that
allows it to post itself to UseNet News Groups as well as it has its own email
engine. From the list of email addresses that it has harvested, it will then email
itself to those addresses.

W32/Swen@MM - http://vil.nai.com/vil/content/v_100662.htm

W32.Swen.A@mm -
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html


There are several Internet worms that masquerade as patches from Microsoft. The
most common are; Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft are
fully aware of this problem.

All you can do is...

1. Keep your AV package up-to-date
2. Create email "rules" to auto-delete the offending messages
3. Petition your ISP to install AV software on their respective email servers.
4. Install all MS Critical Updates via the Windows Update web site.
5. Always munge your email address when posting to UseNet
6. If all else fails, Change your email address.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
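
Item 2 in the list above (an email "rule"), applied to the headers quoted in the first post of this thread. This is an added example, not part of the original posts: the function names, the extension list and the MIME body of the sample are assumptions made for illustration.

```python
import email
import re

# Constructed sample: header lines copied from the first post (two of its four
# Received hops); the MIME structure and attachment bytes are made up.
SAMPLE = """\
Authentication-Results: mta251.mail.re2.yahoo.com domainkeys=fail (bad syntax)
Received: from 193.252.22.25 (EHLO smtp6.wanadoo.fr) (193.252.22.25) by
 mta251.mail.re2.yahoo.com with SMTP; Tue, 02 May 2006 02:12:26 -0700
Received: from veouybe (Mix-Clermont-F-103-1-134.w193-250.abo.wanadoo.fr
 [193.250.93.134]) by mwinf0603.wanadoo.fr (SMTP Server) with SMTP id
 4C1F01C0023B; Tue, 2 May 2006 11:11:50 +0200 (CEST)
Subject: Current Net Patch
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

(constructed body)
--b1
Content-Type: application/octet-stream; name="Install.exe"
Content-Disposition: attachment; filename="Install.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # illustrative list

def origin_hop(msg):
    """Return (HELO name, IP) from the oldest Received header, or None."""
    hops = msg.get_all("Received", [])  # relays prepend, so the last is earliest
    m = re.search(r"from\s+(\S+)\s+\(\S+\s+\[([\d.]+)\]\)", hops[-1]) if hops else None
    return (m.group(1), m.group(2)) if m else None

def triage(raw):
    """Apply the rule: quarantine any message carrying an executable attachment."""
    msg = email.message_from_string(raw)
    reasons = []
    auth = msg.get("Authentication-Results", "")
    if re.search(r"\b(?:domainkeys|dkim|spf)=fail\b", auth, re.I):
        reasons.append("sender authentication failed")
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    bad = [n for n in names if n.endswith(EXEC_EXT)]
    reasons += [f"executable attachment: {n}" for n in bad]
    return {"quarantine": bool(bad), "reasons": reasons, "origin": origin_hop(msg)}
```

Only the Received lines added by relays you trust are reliable; everything below them in the chain is supplied by the sender and can be forged.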



Posted by Tom [Pepper] Willett on May 4, 2006, 6:24 pm
It's been circulating for a couple of years or so.

Tom

> Just a warning that the e-mail circulating about a "Microsoft Update" that is
> clearly from a spoofed email contains this virus.
> The subject header is "Current Net Patch"
>
> The file contained is Install.exe (104k)
>
>
>
>
>
> X-Originating-IP: [193.252.22.25]
>
> Authentication-Results: mta251.mail.re2.yahoo.com domainkeys=fail (bad
> syntax)
> Received: from 193.252.22.25 (EHLO smtp6.wanadoo.fr) (193.252.22.25) by
> mta251.mail.re2.yahoo.com with SMTP; Tue, 02 May 2006 02:12:26 -0700
> Received: from smtp6.wanadoo.fr (mwinf0603 [172.22.137.25]) by
> mwinf0610.wanadoo.fr (SMTP Server) with ESMTP id 88AA980481A for
> Received: from me-wanadoo.net (localhost [127.0.0.1]) by
> mwinf0603.wanadoo.fr (SMTP Server) with ESMTP id CE8121C00232 for
> Received: from veouybe (Mix-Clermont-F-103-1-134.w193-250.abo.wanadoo.fr
> [193.250.93.134]) by mwinf0603.wanadoo.fr (SMTP Server) with SMTP id
> 4C1F01C0023B; Tue, 2 May 2006 11:11:50 +0200 (CEST)


