Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Virus Masquerades as Microsoft E-Mail

    By
    Dennis Fisher
    -
    September 18, 2003
    Share
    Facebook
    Twitter
    Linkedin

      A new mass-mailing virus is on the loose on the Internet, this one masquerading as a message from Microsoft Corp. about a cumulative security patch. Known as either Swen or Gibe, the virus is mainly found in Europe right now, but anti-virus experts say it has the potential to spread quickly and widely.

      Like some other recent worms and viruses, Swen attempts to spread through several different methods, including peer-to-peer file sharing networks and IRC channels. It takes advantage of a two-year-old flaw in Microsoft Internet Explorer and is capable of automatically executing the infected attachment once the message is opened.

      Swen arrives in an e-mail message with a subject line of “Microsoft Critical Patch” and an executable attachment with a random file name. The message body itself is a somewhat realistic looking HTML message that includes Microsofts logo and links to the companys Web site. The body instructs the user to install the included attachment, which is described as the “February 2003, Cumulative Patch” for Outlook, Outlook Express and Internet Explorer.

      The virus then copies itself to the folder used to share files on the Kazaa network, if it exists on the infected machine. Swen applies names to the infected files in the Kazaa folder that make the files appear to be patches for other viruses, such as Bugbear and SoBig, according to an analysis of the virus by iDefense Inc., in Reston, Va.

      Swen, which was first discovered early Thursday morning, was spreading steadily Friday afternoon and making inroads in the United States after causing headaches in Europe for the last couple of days.

      However, it does not seem likely to rise to the level of SoBig.F, Klez or any of the other large-scale infections of the last year, experts said.

      As of late Friday, MessageLabs Inc., an e-mail security company based in New York, had stopped about 36,000 copies of Swen. Although those numbers are nothing to laugh at, MessageLabs stopped nearly 30 times that many copies of SoBig.F during its first 24 hours of life. Still, the social engineering aspects of Swen, which is disguised as an e-mail coming from Microsoft Corp., are apparently drawing in plenty of victims. The virus is likely to be most successful in infecting home users, who tend to be less knowledgeable about security practices and are more apt to be duped into opening the purported patch from Microsoft.

      “Reading e-mail today has certainly become the digital equivalent of a contact sport. Users are continually bombarded by spam, mailing list, hoaxes and viral messages, potentially leaving them a little punch drunk when trying to find the legitimate email amongst the malicious bits,” said Ian Hameroff, eTrust security strategist at Computer Associates International Inc. in Islandia, N.Y. “Virus writers often exploit this, and thats why we see techniques like spoofed Microsoft support messages in Swen.”

      Anti-virus experts said Swen has an interesting characteristic that is drawing researchers attention. Every time the virus infects a new machine, it is programmed to visit a specific Web site that is nothing more than a counter that logs the number of hits the site receives. Aside from providing an idea of how many PCs have been infected, the site could also prove useful if investigators were able to get a look at the Web servers logs, said security expert Richard Smith. As of 4:30 p.m. Eastern time Thursday, the counter stood at about 810,000.

      Discuss this in the eWeek forum.

      Dennis Fisher
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×