
New E-Mail Worm Targets Hole in Internet Explorer

This topic is archived.

Nambe Donating Member (1000+ posts) Thu Sep-18-03 06:54 PM
Original message
New E-Mail Worm Targets Hole in Internet Explorer
SAN FRANCISCO (Reuters)


Anti-virus companies warned on Thursday of a new computer worm circulating through e-mail that purports to be security software from Microsoft Corp. but actually tries to disable security programs that are already running.

The worm, dubbed "Swen" or "Gibe," takes advantage of a two-year-old hole in Internet Explorer and affects systems that have not installed a patch for that security hole, according to Internet security company Network Associates Inc.

The malicious program arrives as an attachment to an e-mail pretending to contain a patch for holes in Internet Explorer, Outlook and Outlook Express and then mails itself off to addresses located on the victim's computer.

The worm also can spread over Internet relay chat and the KaZaa peer-to-peer network, as well as copy itself over shared networks, Network Associates said. ---


XanaDUer Donating Member (1000+ posts) Thu Sep-18-03 06:59 PM
Response to Original message
1. Thanks for the heads up.
n/t.

WillyT Donating Member (1000+ posts) Thu Sep-18-03 09:57 PM
Response to Reply #1
6. Ditto !!!
:thumbsup:

spinbaby Donating Member (1000+ posts) Thu Sep-18-03 07:27 PM
Response to Original message
2. I've gotten DOZENS of these things
There's considerable variation in wording and the "from" address but it's all the same scam. Hard to screen out all copies. Never ever open an email attachment unless it's from someone you know and you're expecting it. If you get an unexpected attachment from someone you know, check with them before opening it.

nostamj Donating Member (1000+ posts) Thu Sep-18-03 08:34 PM
Response to Original message
3. i work infosys for a BIG law firm
been seeing this a lot.

email 'pretends' to come from "admin@thefirm.com"

but, our anti-virus software completely stops any infection.

reprobate Donating Member (1000+ posts) Thu Sep-18-03 08:47 PM
Response to Original message
4. If you don't run a good anti-virus program, you're inviting trouble.

Atlant Donating Member (1000+ posts) Thu Sep-18-03 09:48 PM
Response to Reply #4
5. I run a good anti-virus program; it's called MacOS/X !
(I also run Solaris.)

Nottingham Donating Member (1000+ posts) Thu Sep-18-03 10:19 PM
Response to Original message
7. Mega Thanks
:bounce:

alfredo Donating Member (1000+ posts) Thu Sep-18-03 11:00 PM
Response to Original message
8. If you don't need IE or Outlook, use something else.
I have been using several of the Mozilla projects like Firebird and Thunderbird. I like them both.

http://www.mozilla.org/

Even with them, still use firewalls and AV software. I run OSX, but still have my firewall and AV software.

Mal Donating Member (213 posts) Fri Sep-19-03 05:18 AM
Response to Reply #8
13. I run Opera, Pegasus...
...oh, and Win 98 ( :-( ).
Had some fun on Wednesday, actually. My girlfriend calls me over, asking me to look at something. Our Firewall program was asking whether a new application file had permission to contact our other computer (on LAN).
I tell her, "I don't know that program. Tell it no"
We then look at the file, it was in the Windows directory, and the thing we noticed was when it was created or last modified. It was the 10th of August... 2106!
This seemed unlikely, so we tried to delete it. It refused, so we then ran our AV which told us we had caught Opasoft, and proceeded to remove it for us.
Nice to see our firewall doing something.

NNN0LHI Donating Member (1000+ posts) Fri Sep-19-03 07:45 PM
Response to Reply #13
24. I use the stand alone e-mail program Pegasus also
Edited on Fri Sep-19-03 07:48 PM by NNN0LHI
I have never had a virus or a worm since I started computing in '98. Run Win 98 too. Like them both a lot. Don't plan on changing a thing anytime soon. Edit: Never download any e-mails from my server if I don't know who they are from. Just the header. And then delete the ones I don't want off my server without ever putting them on my machine's HD at all.

Don


Commie Pinko Dirtbag Donating Member (1000+ posts) Fri Sep-19-03 01:06 PM
Response to Reply #8
15. Kick
:thumbsup: Mozilla rocks. Version 1.5 is nigh!

jmatthan Donating Member (1000+ posts) Thu Sep-18-03 11:59 PM
Response to Original message
9. As I watch my friends suffer
I am content not even having a virus protection software installed on my computer. I have been using the Mac Platform for almost 20 years and never had a single problem with viruses, bugs and worms.

It is my personal hypothesis that the reason why Microsoft software, Windows, Internet Explorer, Outlook Express, Access, etc. have been prone to these attacks is that Microsoft originally designed their software, which they very badly cannibalized from the Mac software as MacWrite, MacProject, etc., so that they could gain access to your computer without your knowledge.

The hackers have since been exploiting this, and it may be that each time Microsoft give you a patch, Microsoft still needs to access your computer, so they silently open another route.

This, in my opinion, can be the only explanation for there being over 100000 viruses associated with Windows, Internet Explorer, Outlook Express and their other software as Word, etc.

I have seen many of my friends' computers being trashed and businesses destroyed with the Windows operating system that they used, but it appears that the "herd" mentality will never change!!

Regards

Jacob Matthan
Oulu, Finland

sonias Donating Member (1000+ posts) Fri Sep-19-03 12:50 AM
Response to Reply #9
10. Welcome to DU Jacob
Good advice and I agree with your points about Microsloth. They have been stealing other people's software ideas for a long time. Bill Gates stole Basic from Dartmouth and DEC in order to get started.

Unfortunately not all of us can run Macs at our jobs and we end up having to deal with the evil empire. I agree however that you can minimize your use of MS software. Use other e-mail programs like Eudora, and other browsers like Mozilla.

I too had to help a friend whose computer got trashed by the last worm. It wasn't pretty. She had to rebuild her whole system and reinstall all her software. Lots of downtime. Finally got her to get rid of Outlook Express though. Another lost soul saved.

Sonia


jmatthan Donating Member (1000+ posts) Fri Sep-19-03 05:02 AM
Response to Reply #10
12. Mac does all
When I was Chief Engineer in the Microelectronics Laboratory in the University of Oulu, even the most sophisticated laser deposition and mini circuit modification work, and work on high temperature superconductors was done on Macs.

I still have the first Mac I bought for the laboratory (bought at a clearance auction at the University), an Apple IIc on which ceramic filter design for Nokia mobile phones was originally carried out!!

There was a study out yesterday done by Ernst and Young in Finland on medium and large size companies and institutions. They found that on average a Windows user spent 3 hours a week trying to fix his computer to run properly and this was costing the country Euro 2.7 billion (US $ 3 billion).

Who pays? You and me.
Who profits? Bill Gates and Co.

No wonder Bill can set up schools to brainwash kids all over the US with "his" foundation - after all it is not his money but only his "credit"!!

By the way (in response to another post), I can give my email address everywhere as none of the Windows viruses can affect my computer!!

And in response to another post - thanks for the welcome but I have been around for quite a while - extremely active at the time of the Iraq Invasion. Also I am a Mike Malloy addict listening to him on Apple iTunes, loud and clear from 4 to 7 am every morning Tuesday to Saturday (in Finland)!!

Regards

Jacob Matthan
Oulu, Finland

teknomanzer Donating Member (1000+ posts) Fri Sep-19-03 07:32 PM
Response to Reply #9
22. While some of what you say may be true...
I think the real reason may simply be that there are more microsoft platforms around and a would-be virus programmer knows it is more likely that his creation will survive and spread than if it were designed to thrive on less popular systems.

FlemingsGhost Donating Member (1000+ posts) Fri Sep-19-03 02:58 AM
Response to Original message
11. This should go without saying, but ...
Do NOT give out your email address on an online forum.

Apparently, some folks were doing it over in GD today.

newyawker99 Donating Member (1000+ posts) Fri Sep-19-03 12:56 PM
Response to Reply #11
14. kick for more views!
:kick:

Evil_Dewers Donating Member (1000+ posts) Fri Sep-19-03 05:04 PM
Response to Original message
16. Repeating...
If you get an e-mail like this, please don't open the attachment. It contains a worm virus. Microsoft does not send out security updates via e-mail.

----- Original Message -----
From: Microsoft Corporation Program Security Department
To: Customer
Sent: 9/19/2003 2:49:51 PM
Subject: New Microsoft Security Upgrade


Microsoft All Products | Support | Search | Microsoft.com Guide
Microsoft Home


MS Customer

this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your system. This update includes the functionality of all previously released patches.


System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

--------------------------------------------------------------------------------
The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Contact Us | Legal | TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of Use | Privacy Statement | Accessibility

Attachments: installer144.exe




Here's some more clues that the e-mail isn't legit: None of the links in the email work properly. Also: The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Microsoft wouldn't have to include that if the e-mail came from them.

Also, a very bizarre spam e-mail is going around. It is a joke/hoax, but don't click on the link unless you want spyware and tracking cookies installed--and you don't want them. Trust me:

From: Sierra Jose (or whomever)
To: XXX@XXX.XXX
Date: XXX
Subject: Best Child Pornography Site

If you think you are receiving this message in an error - call here to unsubscribe - +1-863-859-0799



--------------------------------------------------------------------------------


Welcome to the site www.carderportal.org, it's us again, now we extended our offerings,
here is a list:

1. Heroin, in liquid and crystal form.
2. Rocket fuel and Tomohawk rockets (serious enquiries only).
3. Other rockets (Air-to-Air), orders in batches of 10.
4. New shipment of cocaine has arrived, buy 9 grams and get 10th for free.
5. We also offer gay-slaves for sale, we offer only such service on the NET,
you can choose the one you like, then get straight to business.
6. Fake currencies, such as Euros and US dollars, prices would match competition.
7. Also, as always, we offer widest range of child pornography and exclusive lolita
galleries, to keep out clients busy.

Everyone is welcome, be it in States or any other place worldwide.

ATTENTION. Clearance offer. Buy 30 grams of heroin, get 5 free.
Prepay your batch of rockets (air-to-air) and recieve a portable rocket-lacuncher
for free.

www.carderportal.org

This offer won't last! Only until 20th of August all our clients will also recieve
a pack of 2 CDs, with best selection of child pornography.


--------------------------------------------------------------------------------

If you think you are receiving this message in an error - call here to unsubscribe - +1-863-859-0799

DataColo (The best hosting for spam-advertised projects. It is impossible to stop us host spam-sites)
noc@datacolo.com
+1-863-859-0799


MGKrebs Donating Member (1000+ posts) Fri Sep-19-03 05:14 PM
Response to Original message
17. With apologies to Paul McCartney...
And though the holes were rather small
They could not count them all
Nobody knows how many holes it takes
To fill MSIE at all!

FlemingsGhost Donating Member (1000+ posts) Fri Sep-19-03 05:19 PM
Response to Reply #17
18. Very clever, but that was John.
Lyrics came straight from a newspaper article he was reading one morning.

MGKrebs Donating Member (1000+ posts) Fri Sep-19-03 05:26 PM
Response to Reply #18
19. Ah, sorry. Thanks, that's what I get for
not checking first!

FlemingsGhost Donating Member (1000+ posts) Fri Sep-19-03 05:42 PM
Response to Reply #19
20. No worries... Huge points for the nod.
And many style points for your creativity, as well.

hippiegranny Donating Member (1000+ posts) Fri Sep-19-03 05:50 PM
Response to Original message
21. i just read this thread
and when i went to check my emails in outlook, my virus program had caught the "swen" worm and didn't allow the email that it was attached to through. so it is definitely going around.

bpilgrim Donating Member (1000+ posts) Fri Sep-19-03 07:43 PM
Response to Original message
23. Get MOZILLA it's FREE, FASTER, BETTER FEATURES and CROSS PLATFORM - LINK
http://www.mozilla.org

nothing beats TABBED browsing ;->

peace

veganwitch Donating Member (1000+ posts) Fri Sep-19-03 08:13 PM
Response to Original message
25. is that why kazaa hasnt been working??
i havent been able to access it for a few days now.

jeremy told me about it this morning. im scanning my computer now.