Nova napast: I-Worm.Swen

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Stiglo nam je obavestenje pre oko sat i nesto o novom brzosirecem crvu...evo teksta u originalu:

[Kaspersky Labs News] Beware! A New Internet Worm Is On The Loose - I-Worm.Swen

Kaspersky Labs, a leading information security expert, announces the detection of
the network worm, I-Worm.Swen. This malicious program spreads via email, the Kazaa
file sharing network and IRC channels.

Infected messages appear to have been sent from various Microsoft services,
including, MS Technical Assistance, Microsoft Internet Security Section, etc.
Message text advises users to install a "special patch" from Microsoft. The "patch"
is included as an attachment.

I-Worm.Swen uses the same vulnerability in the Internet Explorer detected in March
2001 that was used by many other well-known worms, such as Klez. Thus, once Swen
breaks into an undefended machine to execute itself independently of the owner.

The new malware program is written in Microsoft Visual C++ and is about 107 KB. The
worm is activated in two cases: if the infected file is executed or when the email
program contains the IFrame.FileDownload vulnerability. The worm then installs
itself into the system and initiates propagation procedures.

When the attachment is opened the first time, a window appears on the screen named
Microsoft Internet Update Pack and imitates the installation of a patch. At the
same time, the malicious code blocks all firewalls and anti-virus software. Then
Swen scans the file system of the infected computer and extracts all email
addresses, using them to mail itself to all available addresses via a direct
connection to an STMP server. The infected letters are in HTML and include an
attachment containing Swen. In some cases, the worm can send copies of itself in
.zip of .rar form.

Swen propagates via the Kazaa file-sharing network by copying itself under random
names in the file exchange directory in Kazaa Lite. It also creates a subdirectory
in the Windows Temp folder with random names making several copies of itself with
random names as well. This directory is then identified in the Windows system
registry as the source for the file sharing system and as a result, the new files
created by Swen become available to other Kazaa network users.

Finally, for spreading via IRC, the worm scans for installed mIRC clients. If these
are detected then Swen modifies the script.ini file by adding its propagation
procedures. Whereupon the scrip.ini file sends infected files from the Windows
directory, to all users that connect to the now-infected IRC channel.

Kaspersky Labs experts currently attribute dozens of thousands computer infections
worldwide to I-Worm.Swen. The number of infections continues to rise.

The defence against I-Worm.Swen has already been added to the Kaspersky Labs
anti-virus database.

A detailed description of I-Worm.Swen can be found in the Virus encyclopedia
(www.viruslist.com/eng <http://www.viruslist.com/eng>)


Kaspersky Labs Corporate Communications

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hehe Win se ucrvljao.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Microsoft Consumer

this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your system. This update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.


E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "Patch38.exe"
was believed to be infected by a virus and has been replaced by this warning
message.

Originalni e-mail attachment "Patch38.exe" je zarazen virusom
i zamenjen sa ovom porukom.

-----------------------------------
At Mon Sep 22 09:17:31 2003 the virus scanner said:
Patch38.exe infected: I-Worm.Swen

-----------------------------------

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

Detaljan opis stete koju ovaj crv pravi imate na adresi:

http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ako je neko "zakacio" Swen-a, cistilica za njega i jos desetak drugih crva i trojanaca CLRAV (by Kaspersky Labs, naravno ) se nalazi na download strani sajta www.singi.rs
Tekuca verzija sa definicijom za Swen-a je 10.0.6.3