Re: Email pretending to be a Microsoft download

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 02/16/04


Date: Mon, 16 Feb 2004 14:34:44 -0500

Sounds like the classic Swen.
Swen is news spelled backwards. The reason it is called this is that the Swen worm
harvests email addresses from UseNet News Groups. It has an engine that allows it to post
itself to UseNet News Groups, and it also has its own email engine. From the list of
email addresses that it has harvested, it will then email itself to those addresses.

W32/Swen@MM - http://vil.nai.com/vil/content/v_100662.htm

W32.Swen.A@mm - http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

There are several Internet worms that masquerade as patches from Microsoft. The most common
are: Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft are fully aware of this
problem.

All you can do is...

1. Keep your AV package up-to-date.
2. Create email "rules" to auto-delete the offending messages.
3. Petition your ISP to install AV software on their respective email servers.
4. Install *all* MS Critical Updates via the Windows Update web site.
5. Always munge your email address when posting to UseNet.
6. If all else fails, change your email address.

At the following URL http://vil.nai.com/vil/content/v_100662.htm or at
http://vil.nai.com/vil/averttools.asp obtain the FIXSWEN.INF file and follow the
instructions to install on your PC.

I also suggest going into Safe Mode to delete the files you noted.

Please provide the following:
McAfee AV software information:
    software version (corp. or retail)
    DAT revision
    ENGINE version

Dave L.

"David M" <anonymous@discussions.microsoft.com> wrote in message
news:1094201c3f4bc$f9d63560$a101280a@phx.gbl...
| Like others, I received an email purporting to be from "MS
| Internet Security Division"
| with an attachment "installation8.exe"
|
| It loaded onto my system and then sent emails out to my
| email list. I cleaned it via McAfee but McAfee put the 2
| infected files into the Quarantine section and now I
| cannot get them out as one of the files is an exe to open
| applications wjfl.exe. I cannot open any applications as a
| result and cannot find where to get another copy of this
| exe??
|
| Any thoughts?
|
| David
|
|
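
Item 2 of the reply above (email "rules" to auto-delete the offending messages), sketched as an added example that is not part of the original post. It assumes no legitimate update ever arrives as an executable email attachment; the function names, the extension list and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Attachment extensions treated as executable (assumed list for this example).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
# "Microsoft" in any case, or the upper-case abbreviation "MS" as a whole word
# (case-sensitive so that the title "Ms" in a personal name does not match).
MS_CLAIM = re.compile(r"(?i:microsoft)|\bMS\b")

def executable_attachments(msg):
    """Return the file names of attachments whose extension is in EXEC_EXT."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXEC_EXT):
            names.append(name)
    return names

def should_delete(raw_message):
    """Rule: the message claims to come from Microsoft AND carries an executable."""
    msg = message_from_string(raw_message)
    display_name, _address = parseaddr(msg.get("From", ""))
    claim = MS_CLAIM.search(display_name) or MS_CLAIM.search(msg.get("Subject", ""))
    return bool(claim) and bool(executable_attachments(msg))

def sample(from_hdr, subject, attachment=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["Subject"] = from_hdr, subject
    m.set_content("Please install the attached update.")
    if attachment:
        m.add_attachment(b"constructed-bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    lure = sample('"MS Internet Security Division" <sender@example.net>',
                  "Latest Security Update", "installation8.exe")
    print("delete" if should_delete(lure) else "keep")
```

The rule deliberately ignores the sender's address, since the From header is supplied by whoever sent the message and cannot be relied on to tell a real Microsoft mail from a forged one.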


