Posted on 09/19/2003 9:35:41 AM PDT by B Knotts
A new e-mail worm has started to spread quickly, taking advantage of an Internet Explorer vulnerability that was first disclosed two years ago.
The bug, which has been alternately dubbed Swen and Gibe.F, appears to exploit a flaw that Microsoft first disclosed in a March 2001 security bulletin.
Ken Dunham, manager of malicious code intelligence for Reston, Va.-based iDefense, said that Swen preys upon people's best intentions, appearing as an e-mail that purports to be a security update from Microsoft.
The worm is programmed to send an official-looking e-mail that says it contains a "cumulative patch" for several Internet Explorer, Outlook and Outlook Express vulnerabilities.
A Microsoft representative noted that the software maker does not send out patches as e-mail attachments.
In addition to spreading via e-mail, experts said, Swen can be transmitted over services such as Internet relay chat (IRC) and through peer-to-peer networks. The virus turns on file sharing--if it is not already turned on--and creates a shared directory with multiple copies of itself under various file names, said Kevin Haley, a group product manager at Symantec Security Response. Among the files Swen tries to disguise itself as are virus removal tools.
Haley said the social engineering that the virus writer used is most troubling.
"Those things are pretty interesting and pretty dangerous," he said.
The threat posed by Swen is rated fairly low by antivirus companies such as McAfee and Symantec, despite the worm's growing prevalence. "It doesn't look like it is causing a lot of trouble at least right now," Haley said. The threat is somewhat higher for home users and users outside the United States who are more likely to be using older, unpatched software, McAfee said.
"Swen is quickly gaining ground in Europe and has the potential to become very widespread in a short period of time," Dunham said in an e-mail.
The emergence of Swen comes as security companies have warned that a potentially major bug could soon emerge based on a recently disclosed Windows vulnerability. Experts said earlier this week that code that could quickly be used to create such a bug are already being distributed on underground hacker sites.
Given that I run Linux, it wasn't much of a problem for me, but Windows users should be especially wary of anything purporting to be a security patch that is emailed.
***SIGH***
Microsoft, The Center for Disease Control, the FBI, the CIA, and the Marines NEVER use spam to notify the public about ANTHING. How many years do we have to say this, over, and over, and over?
Here's what I do:
Anyone who sends me Virus Alerts, Modem Tax chain letters, Anything (usually from an AOL address) that tells me to "Foreward this to everyone you know!" etc., whether friend, relative, or co-worker, gets sent to "Dave Null" at my server.
While there was an obnoxious article a week or two ago about requiring "Computer Licenses", that properly raised peoples' ire, there is such a thing as a person who is just TOO DAMNED STUPID to have a computer connected to the Internet.
And I no longer receive mail from them.
All the years I patiently explained this over and over were in vain..I STILL got mails from the same people, complete with hundreds of names in the BCC: field, virus alerts that had people deleting system files, etc.
To heck with them.
Trouble is, the very ones that need to just WON"T pay any attention.
What with spam, drive-by installations of spyware, malware, trojans, all the _types_ of spam, my patience is totally shot. I miss the old Net, where people who could not manage a moden init string were weeded out by the simple fact they could not even get on. Now, we just cannot get some (Some, I said) people to listen or even make the most feeble attempts to learn anything.
grumble, grumble.
I admit I became suspicious when it stated that it " closed every security hole in Windows'.
It looks like it came from Microsoft and will fool many.
That's not to say that there aren't some yahoos running Red Hat; there certainly are. But the incidence would still tend to be lower than Windows.
I don't run either of 'em myself.
Interesting thought. Some of these, like the hoaxes, are really "Wetware" viruses. The most common one, though, is the Virus Alert spam that tells you to delete a system file...and RH Linux users would look in vain for that file.
I DO get mail from Red Hat, as a matter of fact.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.