VIRUS ALERT

[Alex_Blackwood]

Have just received two messages puporting to be from MICROSOFT SECURITY sources. On checking attachments (PATCH974.EXE) found both to contain VIRUS W32/SWEN@MM. BEWARE!

<hr width=100% size=1>

 

[Guest]

Post deleted by danfoley

 

[aztec]

thought i was being paranoid, but there was no reg trade mark after the word microsoft... so deleted them.... phew! thought it was just me!


cheers for the warning though, thanks.. steve.

<hr width=100% size=1>

 

[jimi]

Got this notification in the company

VIRUS ALERT: W32/Swen.A@MM


If you receive an email as described below, do not open it. Just delete it.

If you receive an email with an attachment, do not open the attachment unless you are expecting it and know exactly what it is.

Summary
A new virus called W32/Swen.A@MM has been announced by McAfee and other AntiVirus vendors. It is also called Gibe-E or Gibe-F.
It is a mass-mailing virus which also spreads via network shares.

Key points about the virus:

The W32/Swen.A@MM virus arrives via email in graphical HTML format, appearing to be a professionally-produced email from Microsoft offering a security update. However, Microsoft never issue updates via email.

The From: address is false and is randomly constructed by the virus. Examples include "MS Support Department" and "Microsoft Corporation Program Security Division".

The Subject: line is also randomly constructed - e.g. "New Microsoft Patch" and "Last Network Patch".

The email normally carries an executable attachment with a randomly-generated name - e.g. Q432727.exe and patch5559.exe.

If the virus is triggered, it displays a series of authentic-looking dialog boxes which appear to install Microsoft Security Updates.

Changes are made in the registry to run the virus each time the PC is rebooted.

The virus searches an infected PC for email addresses to send itself to.


<hr width=100% size=1>

 

[robp]

Close the Preview pane in Outlook Express. It can get in through that, without you opening the message.

<hr width=100% size=1>

 

[Neraida]

Me too, we don't open mails that come from unfamiliar sources at all, just delete them.

<hr width=100% size=1>

 

[Jimmy20V]

Just looked on our mailsweeper system here at work, had over 3000 attempts at this in the last 24hrs.

None getting through tho

<hr width=100% size=1>

 

[Guest]

there is a patch that has been out for years to close the hole whereby the preview pane lets you catch the virus
s

<hr width=100% size=1>

 

[Talbot]

if you use Norton Anti virus, (and use live update) then it will not allow you to download these virus messages. My system detects them as they arrive and deletes them immediately while telling you that yet another plonker's time wasting effort has been eradicated!!

<hr width=100% size=1>

 

[chas]

There is a new one!

My Norton has just found Worm.Automat.AHB in a similar message.

<hr width=100% size=1>

 

[Sarum28]

I am new to computers how do I delete it without opening it?

<hr width=100% size=1>Jonathan & Avril

 

[philip_stevens]

Alex,
amplifying your post, I have received this email from a computer whizz kid in Aussie.

Quote -
Fake Microsoft Email is Really a Worm

Big news on the security front this week (and one that several readers wrote asking about) is a message going around that pretends to be a message from Microsoft but the return address (support@microsoft.com) is forged and it contains a malicious attachment. This is actually a new variation on an old trick, one that was first reported back in May but is now back in a new incarnation:
http://www.winxpnews.com/rd/rd.cfm?id=030923SE-Fake_Email

The current version is known as Swen (W32.Swen.A@mm) and it claims to be a patch for Internet Explorer. When you run it, you get a dialog box that says Microsoft Internet Update Pack. The worm has been spreading not only through email, but also through IRC, KaZaA and newsgroups.

For more info, or if you think you've been infected, go to the Symantec web site for removal instructions:
http://www.winxpnews.com/rd/rd.cfm?id=030923SE-Swen

I hope this is of help and interest to anyone.



<hr width=100% size=1>regards,
Philip

 

[l'escargot]

If you want to know about viruses, don't look on boating forums, look at sites such as this:
<A target="_blank" HREF=http://www.symantec.com/>http://www.symantec.com/</A>
They will tell you everything you need to know.

<hr width=100% size=1>

 

[Heckler]

there are still people out there who cannot resist clicking on an attachment, they are starting to come into the work shop today to have the worm removed,
norton do a good tool to do it
s

<hr width=100% size=1>http://www.beneteau-owners-association.org.uk

 

[robp]

My dog is more IT literate than me! (Well he's still having a few problems with circular references in Excel). This advice came on Monday from BBC Radio Solent's Fact sheet No. 98.

<hr width=100% size=1>

 

[Dave_Knowles]

I have just found that our service provider Netalia does a virus check on all emails before they are sent on. This seems a great idea even though we have up to date virus checkers on our machines also.

<hr width=100% size=1>Take care.

Dave

Dave Knowles
Southampton - UK

http://www.MyCleopatra.co.uk

 

[robp]

When in the list of incoming e-mails (in your inbox). Just sit on the message (without double clicking it), that you are unsure of and hit the delete button.

Do this to ANY message that you don't recognize, or are unsure of, until you have a good AntiVirus software installed and updated every day.

<hr width=100% size=1>

 

[milltech]

I'm amazed they don't all do that, the nonsense would end quite soon if they did.

<hr width=100% size=1>John
<A target="_blank" HREF=http://www.allgadgets.co.uk>http://www.allgadgets.co.uk</A>

 

[castaway]

Brilliant!! Downloaded that yesterday...Wonder if myAVG anti virus will sort it.

My PC has not been the same since the MS blaster worm..

Thanks Nick

<hr width=100% size=1>

 

[Alex_Blackwood]

Have posted fact sheet for info. robp, what sort of computer do you have Judy didn't put it out 'till Tuesday. Must be the dog! Cheers.
Fact Sheet 98
23/09/03
From Judy Goodlet - judy.goodlet@bbc.co.uk

For everyone - sorry, but there's another new virus causing problems. It's the W32.Swen.A@mm. People report receiving 50-60 emails overnight.

It's a clever beastie that can get through Firewalls. It's affecting all those who use Microsoft Internet Explorer 5.01 and Microsoft Internet Explorer 5.5, regardless of the Operating System (your version of Windows). Check your version number from the Help Menu in Outlook Express or Internet Explorer - click About....and you'll see it there.

To protect yourself against it until you have upgraded your anti-virus software or downloaded the patch you should close your Preview Pane (the part of Outlook Express that lets you see the contents of your email). The virus can be launched from here - because you haven't double clicked the email to open it you think you're fine - but you're not! One particularly nasty instance of it tells you the message is from Microsoft, with a patch for the problem (it's offering a Security update in a "Microsoft" style document). Microsoft DO NOT send out patches!

To close the Preview pane:

Go to Outlook Express (if it wants to go online to perform a send and receive, cancel the connection request)
Go to the View Menu, select Layout and turn off Preview Pane


You can find full details of the virus at:

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

If you have the Virus, download the removal tool from:

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html

If you haven't got the very latest version of your Anti-virus software go to get the patch to protect yourself from Microsoft:

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp



<hr width=100% size=1>