Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
Sorry if this has been mentioned before i aint been on here for a few days.
The latest virus scam is an email being passed around pretending to be Microsoft with an attachment claiming you 'must update windows' for security reasons.
Attached is a file roughly 300kb, im not sure what the file does i believe its a trojan.
Of course Microsoft never send out file updates with their emails but this does look convincing as all the links etc link to the microsoft site as well.
Just thought id let ya all know 
[Edited on 09-06-2003 by Bart]
[Edited on 09-06-2003 by Bart]
[Edited on 09-06-2003 by Bart]
|
Bart
Member
Registered: 19th Aug 02
Location: Midsomer Norton, Bristol Avon
User status: Offline
|
AusCERT Update AU-2003.015 - New email virus/worm "Swen" masquerades as
Microsoft Update
19 September 2003
Users and system administrators should be aware of a new mass-mailer worm
that purports to be the "September 2003, Cumulative Patch" for MS Internet
Explorer, MS Outlook and MS Outlook Express. The worm arrives as an
attachment with a .exe extension. In addition to email vectors, Swen will
attempt to spread through file-sharing networks and will attempt disable
antivirus programs and personal firewall programs on an infected computer.
This particular executable may be detected by anti-virus systems as the
W32/Gibe-F virus. It may also arrive in an email message appearing to be
a qmail delivery failure notice.
Some email subject lines that Swen may use are:
New Internet Security Update
net security upgrade
New Net Critical Update
Mail: User unknown
REFERENCES:
[1] Protecting your computer from malicious code
http://www.auscert.org.au/render.html?it=3352
[2] Information on Bogus Microsoft Security Bulletin E-mails
http://www.microsoft.com/technet/security/news/patch_hoax.asp
[3] F-Secure Virus Descriptions
http://www.europe.f-secure.com/v-descs/swen.shtml
[4] Symantec Security Response - W32.Swen.A@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
[5] Computer Associates Virus - Win32.Swen.A
http://www3.ca.com/virusinfo/virus.aspx?ID=36939
[6] McAfee Security
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662
[7] Trend Micro
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A&VSect=T
[8] Sophos virus analysis: W32/Gibe-F
http://www.sophos.com/virusinfo/analyses/w32gibef.html
[9] MessageLabs
http://www.messagelabs.com/viruseye/info/default.asp?virusname=W32%2FGibe%2EE%2Dmm
When possible, upgrade all anti-virus software to use the latest definition
files as soon as they become available.
Ensure that all network file shares are disabled unless necessary and if
possible ensure that active shares are password protected.
AusCERT advises members to disseminate and take action on this information
to prevent any undesirable activity by this virus within their sites. Users
should be again reminded that unsolicited attachments should not be opened.
Regards,
The AusCERT Team
|
