Aces High Bulletin Board
General Forums => The O' Club => Topic started by: gofaster on September 19, 2003, 02:48:16 PM
-
... after the scare last week, looks like the antivirus companies are gonna show some positive cash flow this quarter.
New Worm Targets File-Sharing Nets
Thu Sep 18, 6:00 PM ET
Paul Roberts, IDG News Service
Antivirus companies are warning Internet users about W32.Swen, a new worm that spreads using e-mail messages, vulnerable network connections, Internet Relay Chat (IRC), and peer-to-peer networks.
F-Secure, Network Associates, and Symantec all have issued warnings about Swen, indicating that the worm is spreading on the Internet. Customers are being advised to update their antivirus definitions to detect and nullify Swen.
Finding a Flaw
First detected on Thursday, Swen exploits a security hole in Microsoft's Internet Explorer Web browser. It affects all supported versions of the Windows operating system, according to security products vendor F-Secure of Helsinki.
The worm poses as a software security update from Microsoft. Its message prompts users with "Yes" or "No" buttons to agree to install the update, and even provides an installation "progress" bar if they do agree.
However, the worm code is installed regardless of what users select. Once it has infected a system, Swen alters the configuration of Windows so the worm is launched whenever Windows is started. The worm also detects and disables antivirus software or other Windows features that could be used to disable it, according to F-Secure.
Like other mass mailing worms, Swen scans an infected machine's hard drive for e-mail addresses and uses those to send out more copies of itself, skimming SMTP server addresses and user names from Windows.
Infected e-mail messages are formatted to look like official correspondence from Microsoft. The messages appear to come from one of a variety of randomly generated senders like "MS Technical Assistance" and advertise a "cumulative patch" for Internet Explorer to patch "three newly discovered vulnerabilities," F-Secure says.
Other Routes
The worm also can detect the presence of IRC clients or the Kazaa peer-to-peer file-sharing client application, and then distribute itself on those networks. Swen places a specialized script file that sends a virus file to every computer on the same IRC channel as the infected computer.
For machines running Kazaa file-sharing software, Swen enables the file-sharing feature, if it is not already enabled. It places multiple copies of itself in the Kazaa shared files folder, disguised as Kazaa client software, pirated software, or other popular applications, F-Secure says.
More than one antivirus company notes the similarity between Swen and an earlier worm, W32.Gibe, which appeared in March. Like Swen, Gibe also attempted to spread by e-mail as well as Kazaa and IRC networks, while posing as a piece of legitimate Microsoft software when installed
-
I bought a new laptop yesterday, plugged it in and begun to install antivirus and firewall softwares when that frigging popup came up: System will shut down in ## seconds.... Golly-gee MsBlast/Lovsan :mad:
-
Staga, why on Earth would your ISP still leave the NetBIOS ports open? Good lord, you think these nutjob ISP's would learn.
-
Yep, received the email you mentioned just an hour ago. My Norton (definition dated 9-18-03) caught it.
-
Skuzzy some people actually use Netbios actively :)
According to MS specs it's a valid protocol.
-
Anyone using NetBIOS access over the Internet gets what they deserve. It is not secure in any way shape or form. It is perfectly fine over a LAN (if you trust those on the LAN), behind a firewall, but not over the Internet.
-
Still using Norton 2002, is there any real point in getting 2004 or is my constant virus update enough for now?
-
I've been able to deal with all current threats by unplugging the computer during the installation and then installing a personal firewall before connecting to the net.
Many will come knocking, so far nobody has come in.
-
As long as you have a current subscription, Norton 2002 will protect you from almost everything that 2004 does (except spyware, greyware, etc).
You should also have a firewall, AV isn't enough to handle this new breed of blended threat. A system with a good AV and a good firewall should be in great shape, but one or the other is medium.
I work for Symantec, so even though I think NIS and NPF are better firewall solutions, our competition (Zone, McAfee, etc) has solid stuff too that will do good to protect you in this environment. You must be vigilant. Know exactly what ports you open, keep virus defs up to date, and use common sense.
-
Good to hear chairboy, i also use sygate personal firewall and spampal and they have served me well for a long time.
I had Symantec 4 years ago or something, but norton came free with my dsl connection
-
I had Symantec 4 years ago or something, but norton came free with my dsl connection
Symantec makes the Norton software
-
LOL, true....was cofused there for a sec, used Norman :D
-
I've gotten over 400 emails from "Microsoft" in the past 2 days. At least it's not just me....
-
How come i never get these emails? i feel left out.. :(
-
Hang on Rut....ill send you some :D