News

Swen Mass-Mailing Worm Carries Fake Microsoft Patch

Even as the industry awaited the breakout of a new Blaster-style worm and the G version of Sobig, a variation on another familiar piece of malware began making the rounds on Thursday. A virus based on the well-worn social engineering trick of making an e-mail look like it comes from Microsoft's support team started hitting user mailboxes.

Like previous viruses and worms based on the ruse, the e-mail arrives with an executable attachment that the virus authors try to pass off as a patch. This time, however, virus authors have gone to the trouble of designing a convincing HTML e-mail that resembles a Microsoft Web page. The HTML e-mail contains legitimate links to different Microsoft pages in addition to the nasty attachment.

Anti-virus vendors call the virus Swen (F-Secure), W32.Swen.A@mm (Symantec) or W32/Gibe-F (Sophos). Swen bears similarities to the Gibe.B worm discovered in February. Symantec upgraded its threat assessment for W32.Swen.A@mm to Level 3 on its severity scale Thursday evening due to an increasing volume of submissions.

The worm can arrive under a number of different subject lines and the From address varies. Once a system is infected, Swen attempts to send itself to e-mail addresses, and also attempts to spread through file sharing networks such as KaZaa and IRC. It also attempts to kill anti-virus and personal firewall systems running on a computer.

In response to similar worms in the past, Microsoft has said that it never sends security patches via e-mail.

The new virus comes at a time when IT organizations are on highest alert for new worms. Security experts expect a worm to be released any day that will exploit the critical Windows security hole Microsoft patched earlier this month with MS03-039. Also, the highly damaging Sobig.F worm expired on Sept. 10, and a Sobig.G variant is expected to hit any day.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.