Nova napast: I-Worm.Swen

Nova napast: I-Worm.Swen

  • Pridružio: 22 Avg 2003
  • Poruke: 787
  • Gde živiš: Beograd

Stiglo nam je obavestenje pre oko sat i nesto o novom brzosirecem crvu...evo teksta u originalu:

[Kaspersky Labs News] Beware! A New Internet Worm Is On The Loose - I-Worm.Swen

Kaspersky Labs, a leading information security expert, announces the detection of
the network worm, I-Worm.Swen. This malicious program spreads via email, the Kazaa
file sharing network and IRC channels.

Infected messages appear to have been sent from various Microsoft services,
including, MS Technical Assistance, Microsoft Internet Security Section, etc.
Message text advises users to install a "special patch" from Microsoft. The "patch"
is included as an attachment.

I-Worm.Swen uses the same vulnerability in the Internet Explorer detected in March
2001 that was used by many other well-known worms, such as Klez. Thus, once Swen
breaks into an undefended machine to execute itself independently of the owner.

The new malware program is written in Microsoft Visual C++ and is about 107 KB. The
worm is activated in two cases: if the infected file is executed or when the email
program contains the IFrame.FileDownload vulnerability. The worm then installs
itself into the system and initiates propagation procedures.

When the attachment is opened the first time, a window appears on the screen named
Microsoft Internet Update Pack and imitates the installation of a patch. At the
same time, the malicious code blocks all firewalls and anti-virus software. Then
Swen scans the file system of the infected computer and extracts all email
addresses, using them to mail itself to all available addresses via a direct
connection to an STMP server. The infected letters are in HTML and include an
attachment containing Swen. In some cases, the worm can send copies of itself in
.zip of .rar form.

Swen propagates via the Kazaa file-sharing network by copying itself under random
names in the file exchange directory in Kazaa Lite. It also creates a subdirectory
in the Windows Temp folder with random names making several copies of itself with
random names as well. This directory is then identified in the Windows system
registry as the source for the file sharing system and as a result, the new files
created by Swen become available to other Kazaa network users.

Finally, for spreading via IRC, the worm scans for installed mIRC clients. If these
are detected then Swen modifies the script.ini file by adding its propagation
procedures. Whereupon the scrip.ini file sends infected files from the Windows
directory, to all users that connect to the now-infected IRC channel.

Kaspersky Labs experts currently attribute dozens of thousands computer infections
worldwide to I-Worm.Swen. The number of infections continues to rise.

The defence against I-Worm.Swen has already been added to the Kaspersky Labs
anti-virus database.

A detailed description of I-Worm.Swen can be found in the Virus encyclopedia
( <>)

Kaspersky Labs Corporate Communications

Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
  • Goran 
  • Prof.Mr.Dr.Sci. Traumatologije
  • Pridružio: 05 Maj 2003
  • Poruke: 9977
  • Gde živiš: Singidunum

Hehe Win se ucrvljao.

  • Jimmy  Female
  • Zaslužni građanin
  • Pridružio: 21 Apr 2003
  • Poruke: 662
  • Gde živiš: Beograd

Microsoft Consumer

this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help maintain the security of your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your system. This update includes the functionality of all previously released patches.

System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

E-Mail Virus Protection Service
The original e-mail attachment "Patch38.exe"
was believed to be infected by a virus and has been replaced by this warning

Originalni e-mail attachment "Patch38.exe" je zarazen virusom
i zamenjen sa ovom porukom.

At Mon Sep 22 09:17:31 2003 the virus scanner said:
Patch38.exe infected: I-Worm.Swen


  • Pridružio: 12 Sep 2003
  • Poruke: 236
  • Gde živiš: Naissus

This worm exploits a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the message. Information and a patch for the vulnerability can be found at

Detaljan opis stete koju ovaj crv pravi imate na adresi:

  • Pridružio: 22 Avg 2003
  • Poruke: 787
  • Gde živiš: Beograd

Ako je neko "zakacio" Swen-a, cistilica za njega i jos desetak drugih crva i trojanaca CLRAV (by Kaspersky Labs, naravno Cool ) se nalazi na download strani sajta
Tekuca verzija sa definicijom za Swen-a je

Ko je trenutno na forumu

Ukupno su 652 korisnika na forumu :: 21 registrovanih, 4 sakrivenih i 627 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: brundo65, DH, djordje92sm, DPera, dragoljub11987, Goran 0000, Insan, ivica976, Krusarac, kybonacci, mercedesamg, milekNS, nuke92, procesor, Shufle, Tas011, vaso1, VladaNS1978, vladetije, Voja1978, wizzardone