corsasport.co.uk
 


Bart

posted on 25th Sep 03 at 07:35

AusCERT Update AU-2003.015 - New email virus/worm "Swen" masquerades as
Microsoft Update
19 September 2003

Users and system administrators should be aware of a new mass-mailer worm
that purports to be the "September 2003, Cumulative Patch" for MS Internet
Explorer, MS Outlook and MS Outlook Express. The worm arrives as an
attachment with a .exe extension. In addition to email vectors, Swen will
attempt to spread through file-sharing networks and will attempt to disable
antivirus programs and personal firewall programs on an infected computer.

This particular executable may be detected by anti-virus systems as the
W32/Gibe-F virus. It may also arrive in an email message appearing to be
a qmail delivery failure notice.

Some email subject lines that Swen may use are:

New Internet Security Update
net security upgrade
New Net Critical Update
Mail: User unknown

When possible, upgrade all anti-virus software to use the latest definition
files as soon as they become available.

Ensure that all network file shares are disabled unless necessary and if
possible ensure that active shares are password protected.

AusCERT advises members to disseminate and take action on this information
to prevent any undesirable activity by this virus within their sites. Users
should be again reminded that unsolicited attachments should not be opened.

Regards,

The AusCERT Team
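
An added example (not part of the post or of the AusCERT advisory) that checks a raw message against the indicators the advisory lists: the quoted subject lines and an attachment with a .exe extension. The sample messages, the addresses and the file name Patch.EXE are constructed, and quarantining on the attachment alone is an assumed policy.

```python
import email
from email import policy

# Subject lines quoted in the advisory, lower-cased for comparison.
ADVISORY_SUBJECTS = {"new internet security update", "net security upgrade",
                     "new net critical update", "mail: user unknown"}

def triage(raw):
    """Return the reasons a raw message matches the advisory (empty list if none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded-words, so an encoded subject still matches.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in ADVISORY_SUBJECTS:
        reasons.append("subject listed in advisory")
    for part in msg.walk():
        name = (part.get_filename() or "").strip()
        if name.lower().endswith(".exe"):  # the advisory names only .exe
            reasons.append("executable attachment: " + name)
    return reasons

def should_quarantine(raw):
    # Assumed policy: the attachment decides; a matching subject alone is only a hint.
    return any(r.startswith("executable attachment") for r in triage(raw))

# Constructed sample: encoded subject plus an upper-case .EXE attachment.
SAMPLE_WITH_ATTACHMENT = (
    b"From: sender@example.invalid\r\n"
    b"Subject: =?utf-8?q?New_Net_Critical_Update?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n"
    b"Please install the attached patch.\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="Patch.EXE"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nAAAA\r\n"
    b"--b1--\r\n"
)

# Constructed sample: delivery-failure style subject with no attachment.
SAMPLE_SUBJECT_ONLY = (
    b"From: mailer-daemon@example.invalid\r\n"
    b"Subject: Mail: User unknown\r\n\r\n"
    b"Delivery to the following recipient failed.\r\n"
)

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_ATTACHMENT, SAMPLE_SUBJECT_ONLY):
        print(should_quarantine(sample), triage(sample))
```
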


Bart

posted on 25th Sep 03 at 07:10

Sorry if this has been mentioned before, I ain't been on here for a few days.

The latest virus scam is an email being passed around pretending to be Microsoft with an attachment claiming you 'must update windows' for security reasons.

Attached is a file roughly 300kb; I'm not sure what the file does, I believe it's a trojan.



Of course Microsoft never send out file updates with their emails, but this does look convincing as all the links etc. link to the Microsoft site as well.

Just thought I'd let ya all know :thumbs:

[Edited on 09-06-2003 by Bart]
