| Swen Virus Information | 29 Jan 2004 |
|---|---|
Method of Distribution
----------------------

The Win32.Swen.A virus is a particularly nasty and messy worm that propagates itself through email (such as Outlook), P2P networks and IRC. It exploits a vulnerability in Outlook Express to execute the malicious code as soon as the user views the email. The worm is quite smart in that it sends email using its own inbuilt SMTP server. It also attacks the virus-checking program on an infected computer, and attacks any firewall software on the computer by trying to terminate the running executable. ZoneAlarm is targeted specifically.

When distributed via email, it uses a form of social engineering to get the user to execute the attached executable, disguising the email and executable as a Microsoft Update. The attachment is generally a *.exe file. The email looks quite believable, and many users run it unknowingly. It is important that users know that Microsoft *NEVER* emails users in a manner such as this, and that they should not run an executable in an email from an unknown source. The email will always be from a random or unknown address.

Symptoms
--------

- Large amounts of outgoing data on a user's connection, with users complaining of slow internet performance.
- Large amounts of returned emails from random sources.
- Periodically, users may receive a 'mapi32.dll' error or 'MAPI32 EXCEPTION', and be asked for the email settings again. This 'could' mean they are infected, but is not conclusive.

As always, please read the advisories and vendor alerts below for the latest information.

Vendor Alerts
-------------

Please read the following vendor alerts for more information.

- Symantec/Norton
- AVG Anti-Virus
- VET.com.au

Removal Tools
-------------

The following URLs are for executables that may be used to remove the virus from an infected system.

- Symantec/Norton
- AVG Anti-Virus
- VET.com.au
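
Because the worm sends mail through its own SMTP server instead of the site's mail relay, an infected workstation shows up in firewall logs as a host opening port 25 connections to many different outside servers. The following is an added example, not part of the original advisory: the log format, the addresses and the function name `direct_smtp_senders` are constructed for illustration, and the threshold is an assumption to tune per network.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2004-01-29T10:00:01 ALLOW TCP 10.0.0.5:1045 -> 10.0.0.2:25
2004-01-29T10:00:03 ALLOW TCP 10.0.0.2:2201 -> 203.0.113.30:25
2004-01-29T10:00:07 ALLOW TCP 10.0.0.7:1101 -> 192.0.2.10:25
2004-01-29T10:00:08 ALLOW TCP 10.0.0.7:1102 -> 198.51.100.20:25
2004-01-29T10:00:09 ALLOW TCP 10.0.0.7:1103 -> 203.0.113.30:25
2004-01-29T10:00:10 ALLOW TCP 10.0.0.7:1104 -> 192.0.2.10:25
2004-01-29T10:00:12 ALLOW TCP 10.0.0.9:1300 -> 192.0.2.10:80
2004-01-29T10:00:15 ALLOW TCP 10.0.0.9:1301 -> 198.51.100.20:25
"""

LINE_RE = re.compile(
    r"^\S+ ALLOW TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def direct_smtp_senders(log_text, approved_relays, min_destinations=3):
    """Map each suspicious source IP to the SMTP servers it contacted directly.

    A host is reported when it opens port 25 connections to at least
    min_destinations distinct servers, ignoring traffic to or from the
    approved mail relays (which are expected to speak SMTP).
    """
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match or match["dport"] != "25":
            continue  # unparsable line or not SMTP
        src, dst = match["src"], match["dst"]
        if src in approved_relays or dst in approved_relays:
            continue  # normal mail flow through the relay
        destinations[src].add(dst)
    return {
        src: sorted(dsts)
        for src, dsts in destinations.items()
        if len(dsts) >= min_destinations
    }


if __name__ == "__main__":
    for host, servers in direct_smtp_senders(SAMPLE_LOG, {"10.0.0.2"}).items():
        print(f"{host} sent SMTP directly to {len(servers)} servers: {servers}")
```

A hit is a reason to check the host with the vendor removal tools, not proof of infection; a single direct connection (10.0.0.9 in the sample) stays below the threshold.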