W32.swen.a@mm

GovernmentSecurity.org > System Security > Trojan & Virus Errata

dissolutions

Sep 20 2003, 07:04 PM

NOTE: This threat was previously detected as Worm.Automat.AHB by definitions automatically created by Symantec's Digital Immune System.

Due to an increase in submissions, Symantec Security Response has upgraded W32.Swen.A@mm to Category 3, as of 6:30pm Thursday, September 18, 2003.

W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer.

The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail.

W32.Swen.A@mm is similar to W32.Gibe.B@mm in function, and is written in C++.

This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at
http://www.microsoft.com/technet/security/...in/MS01-020.asp

Wild: Medium
Damage: Low
Distribution: High

Also Known As: Swen [F-Secure], W32/Swen@mm [McAfee], W32/Gibe-F [Sophos], Worm Swen.A

Full Symantec Page: http://securityresponse.symantec.com/avcen....swen.a@mm.html

Removal Tool: http://securityresponse.symantec.com/avcen...moval.tool.html

Please choose a Username

Dec 27 2003, 09:46 PM

Thanx for that all things!

Embrance

Dec 28 2003, 11:21 PM

Thanks for the info!

JackBean

Dec 31 2003, 07:21 AM

Nice

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: W32.swen.a@mm GovernmentSecurity.org > System Security > Trojan & Virus Errata dissolutions Sep 20 2003, 07:04 PM NOTE: This threat was previously detected as Worm.Automat.AHB by definitions automatically created by Symantec's Digital Immune System. Due to an increase in submissions, Symantec Security Response has upgraded W32.Swen.A@mm to Category 3, as of 6:30pm Thursday, September 18, 2003. W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer. The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail. W32.Swen.A@mm is similar to W32.Gibe.B@mm in function, and is written in C++. This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at http://www.microsoft.com/technet/security/...in/MS01-020.asp Wild: Medium Damage: Low Distribution: High Also Known As: Swen [F-Secure], W32/Swen@mm [McAfee], W32/Gibe-F [Sophos], Worm Swen.A Full Symantec Page: http://securityresponse.symantec.com/avcen....swen.a@mm.html Removal Tool: http://securityresponse.symantec.com/avcen...moval.tool.html Please choose a Username Dec 27 2003, 09:46 PM Thanx for that all things! Embrance Dec 28 2003, 11:21 PM Thanks for the info! JackBean Dec 31 2003, 07:21 AM Nice This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.