NOTE: This threat was previously detected as Worm.Automat.AHB by definitions automatically created by Symantec's Digital Immune System.
Due to an increase in submissions, Symantec Security Response has upgraded W32.Swen.A@mm to Category 3, as of 6:30pm Thursday, September 18, 2003.
W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer.
The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail.
W32.Swen.A@mm is similar to W32.Gibe.B@mm in function, and is written in C++.
This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at
http://www.microsoft.com/technet/security/...in/MS01-020.asp
Wild: Medium
Damage: Low
Distribution: High
Also Known As: Swen [F-Secure], W32/Swen@mm [McAfee], W32/Gibe-F [Sophos], Worm Swen.A
Full Symantec Page: http://securityresponse.symantec.com/avcen....swen.a@mm.html
Removal Tool: http://securityresponse.symantec.com/avcen...moval.tool.html
