Worm Wears A ‘Patch’ For Disguise

(Washington Post) Disguised as an official e-mail from Microsoft, the file comes attached to a note asking the recipient to install a “September 2003, cumulative patch” to protect against vulnerabilities in Microsoft’s Internet Explorer Web browser and Outlook and Outlook Express e-mail programs.

If installed, the program, known as Swen or Gibe.F, attempts to disable firewall and antivirus software, gather password information and replicate itself via e-mail, as well as the Kazaa peer-to-peer network and Internet Relay Chat instant-messaging.

Internet security firms are reporting a wide distribution of the worm online; McAfee Security rated the malicious program a “medium” risk to home users and a “low” risk to corporate users, who are more likely to have updated security software.

The virus-laden e-mail looks like an authentic missive from the Redmond, Wash., software developer (aside from a few grammatical errors), but a spokeswoman for Microsoft said this week that it doesn’t send security updates in e-mail. They’re all distributed through Microsoft’s Web site (windowsupdate.microsoft.com).

The Swen virus could affect users running Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000 and Windows XP. It does not affect other operating systems. — Mike Musgrove

You may also like...

Leave a Reply