Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

New virus?

I don’t usually get more than 5 or 6 spams a day, but today I’ve been hammered with an additional 7 emails with executable attachments claiming to be the “latest critical patch” from Microsoft. The emails are HTML formatted and make a pretty convincing rendition of a Microsoft.com page, so I can see how less savvy internet users could easily fall for them. Is this yet another virus outbreak? I make that the third in as many weeks.

Posted 19th September 2003 at 7:35 pm

This is New virus? by Simon Willison, posted on 19th September 2003.

View blog reactions

Next: The pirate's code

Previous: Aaaaarr

12 comments

  1. Yep. Sure is. Still nothing more than a glorified trojan, but does play havoc with the trusting innocents.

    jr - 19th September 2003 19:42 - #

  2. yep. w32.swen/a.

    jim winstead - 19th September 2003 19:43 - #

  3. Yep – believe it's related to the articles mentioned in this Slashdot article. Gotten about half a dozen copies of the e-mail myself today.

    Ethan - 19th September 2003 19:44 - #

  4. At least this one isn't generating millions of erroneous bounce messages to everyone, like SoBig.F.

    Matt Brubeck - 19th September 2003 19:52 - #

  5. Yep. Swen. See this article: http://rss.com.com/2100-7349_3-5078696.html

    Bill Brandon - 19th September 2003 20:31 - #

  6. My guess is that this is the W32.Swen.A@mm virus...

    Symantec Security Response
    W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to spread itself. It attempts to spread through file-sharing networks, such as KaZaA and IRC, and attempts to kill antivirus and personal firewall programs running on a computer.

    The worm can arrive as an email attachment. The subject, body, and From: address of the email may vary. Some examples claim to be patches for Microsoft Internet Explorer, or delivery failure notices from qmail.

    More info and screen shots: W32.Swen.A@mm...

    Vidvandre - 19th September 2003 20:47 - #

  7. I've had a couple thousand of them since this time yesterday, andding up to hundreds of megabytes of disk space and bandwidth used. I think a few prolific spammers are infected, which is annoying as my spam filter catches the spam but not Swen. Bloody annoying.

    Jim Dabell - 19th September 2003 20:56 - #

  8. Another Windows virus... I'd been getting to feel pretty smugly superior to all those Windoze-using losers... Until this week brought remote holes in both OpenSSH and Sendmail.

    Spend enough time installing security updates, and I start to feel their pain.

    Jacques Distler - 19th September 2003 21:01 - #

  9. I feel quite self righteous, although I was hammered by 616 of these. Fortunately I got two yesterday that my spam filter 'spambayes' had assigned as possible spam. Moving them to spam I didn't get a wrong hit for the rest of the day and the next day. I only noticed how many I'd got at the end of the day. I think Jim is right, if you were on any apm lists you were going to get a hell of a lot. Not on many spam lists you'd generally be okish.

    Tim Parkin - 19th September 2003 21:15 - #

  10. you're licky ive recieved up to 400 copies of this ms email a day for the last 8 days :( mark

    mark - 1st October 2003 09:51 - #

  11. ive recieved up to 70 copies. :(

    Alia - 4th November 2003 22:00 - #

  12. Definately a glorified trojan

    vicky - 21st July 2005 11:20 - #

Comments are closed.

Previously hosted at http://simon.incutio.com/archive/2003/09/19/newVirus

A django site