Virus Masquerading as Microsoft E-Mail - A new mass-mailing virus is on the
loose on the Internet, this one masquerading as a message from Microsoft
Corp. about a cumulative security patch. Known as either Swen or Gibe, the
virus arrives in an e-mail message with a subject line of "Microsoft
Critical Patch" and an executable attachment.

[Reminder: Microsoft NEVER sends emails with attachments to general users.]

http://www.eweek.com/article2/0,4149,1273249,00.asp

that this worm is running loose is not new - i got multiple emails in a 4
month period, but ignored them all because i knew it smelled either a hoax
or a virus.


"Chris Lanier" <(E-Mail Removed)> wrote in message
news:ukKT%(E-Mail Removed)...
> Virus Masquerading as Microsoft E-Mail - A new mass-mailing virus is on
the
> loose on the Internet, this one masquerading as a message from Microsoft
> Corp. about a cumulative security patch. Known as either Swen or Gibe, the
> virus arrives in an e-mail message with a subject line of "Microsoft
> Critical Patch" and an executable attachment.
>
> [Reminder: Microsoft NEVER sends emails with attachments to general
users.]
>
> http://www.eweek.com/article2/0,4149,1273249,00.asp
>
>

This one is a new variant--
PSS Security Response Team Alert - New E-Mail Worm: W32/Swen@MM

SEVERITY: MODERATE
DATE: September 18, 2003
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail

**********************************************************************

WHAT IS IT?
W32/Swen@MM spreads via e-mail and network shares. The Microsoft
Product Support Services Security Team is issuing this alert to advise
customers to be on the alert for this virus as it spreads in the wild.
Customers are advised to review the information and take the appropriate
action for their environments.

IMPACT OF ATTACK: Mass Mailing, disabling processes related to security
software such as antivirus and firewall software

TECHNICAL DETAILS:
For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit the following links:

Network Associates:

http://vil.nai.com/vil/content/v_100662.htm

Trend Micro:

http://www.trendmicro.com/vinfo/viru...VName=WORM_SWE
N.A

Symantec

http://(E-Mail Removed)
ml

Computer Associates:

http://www3.ca.com/virusinfo/virus.aspx?ID=36939

For more information on Microsoft's Virus Information Alliance please
visit this link: http://www.microsoft.com/technet/security/virus/via.asp


Please contact your Antivirus Vendor for additional details on this
virus.


PREVENTION:

1. This worm is exploiting a previously patched vulnerability. The
vulnerability exploited is related to the following Microsoft Security
Bulletin:
http://www.microsoft.com/technet/sec...n/ms01-020.asp

As always, customers are advised to install the latest security patch
for Internet Explorer. Information on the latest cumulative security
patch for
Internet Explorer can be found here:
http://www.microsoft.com/technet/sec...n/MS03-032.asp

2. Outlook 2000 post SP2 and Outlook XP SP1 include the most recent
updates to improve the security in Outlook and other Office programs.
This includes the functionality to block potentially harmful attachment
types. If you are running either of these versions, they will (by
default) block the attachment, and you will be unable to open it.

To ensure you are using the latest version of Office click here:
http://office.microsoft.com/ProductUpdates/default.aspx

By default, Outlook 2000 pre SR1 and Outlook 98 did not include this
functionality, but it can be obtained by installing the Outlook E-mail
Security Update. More information about the Outlook E-mail Security
Update can be found here:

http://office.microsoft.com/Download.../Out2ksec.aspx

Outlook Express 6 can be configured to block access to
potentially-damaging attachments. Information about how to configure
this can be found here:

http://support.microsoft.com/default...;en-us;Q291387

Outlook Express all other versions: Previous versions of Outlook Express
do not contain attachment-blocking functionality. Please exercise
extreme caution when opening unsolicited e-mail messages with
attachments.

Web-based e-mail programs: Use of a program-level firewall can protect
you from being infected with this virus through Web-based e-mail
programs.

RECOVERY:
If your computer has been infected with this virus, please contact your
preferred antivirus vendor or Microsoft Product Support Services for
assistance with removing it.

TECHNET SECURITY LINK:
http://www.microsoft.com/technet/sec...lerts/swen.asp

As always please make sure to use the latest Anti-Virus detection from
your Anti-Virus vendor to detect new viruses and their variants.

If you have any questions regarding this alert please contact your
Microsoft representative or 1-866-727-2338 (1-866-PCSafety) within the
US, outside of the US please contact your local Microsoft Subsidiary.
Support for virus related issues can also be obtained from the Microsoft
Virus Support Newsgroup which can be located by clicking on the
following link
news://msnews.microsoft.com/microsof...security.virus.

PSS Security Response Team

--
Larry Samuels MS-MVP (Windows-Shell/User)
Associate Expert
Unofficial FAQ for Windows Server 2003 at
http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
Expert Zone - www.microsoft.com/windowsxp/expertzone

"Michael O'Connor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> that this worm is running loose is not new - i got multiple emails in a 4
> month period, but ignored them all because i knew it smelled either a hoax
> or a virus.
>
>
> "Chris Lanier" <(E-Mail Removed)> wrote in message
> news:ukKT%(E-Mail Removed)...
> > Virus Masquerading as Microsoft E-Mail - A new mass-mailing virus is on
> the
> > loose on the Internet, this one masquerading as a message from Microsoft
> > Corp. about a cumulative security patch. Known as either Swen or Gibe,
the
> > virus arrives in an e-mail message with a subject line of "Microsoft
> > Critical Patch" and an executable attachment.
> >
> > [Reminder: Microsoft NEVER sends emails with attachments to general
> users.]
> >
> > http://www.eweek.com/article2/0,4149,1273249,00.asp
> >
> >
>
>

The pea-brained w*****s that write these email worms, I would guess, are
almost certainly always almost male, (note the two "almost's" in there), and
obviously have really small d***s. And so they spend their time trying to
muck up strangers computers.

I think it's really sad that they don't realize that this worm writing
passtime will not make their w****s any bigger !

regards, Richard


"Chris Lanier" <(E-Mail Removed)> wrote in message
news:ukKT%(E-Mail Removed)...
> Virus Masquerading as Microsoft E-Mail - A new mass-mailing virus is on
the
> loose on the Internet, this one masquerading as a message from Microsoft
> Corp. about a cumulative security patch. Known as either Swen or Gibe, the
> virus arrives in an e-mail message with a subject line of "Microsoft
> Critical Patch" and an executable attachment.
>
> [Reminder: Microsoft NEVER sends emails with attachments to general
users.]
>
> http://www.eweek.com/article2/0,4149,1273249,00.asp
>
>

"Richard Keirle" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The pea-brained w*****s that write these email worms, I would guess, are
> almost certainly always almost male, (note the two "almost's" in there),
and
> obviously have really small d***s. And so they spend their time trying to
> muck up strangers computers.
>
> I think it's really sad that they don't realize that this worm writing
> passtime will not make their w****s any bigger !
>
> regards, Richard
>

Hey dude,
There seems to be some kind of malfunction deleting certain key alphabet
characters in your post.
Have you run a virus check recently?
Chek

hi--
new variant - moo sneeri-at -- doesn't matta. i just got a whole bunch of
these emails with attachments, plus some more with a couple of *.z9p or
something like that -- i just deleted all of them, including the deleted
items folder contents
m





Larry Samuels MS-MVP XP (Shell/User)" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> This one is a new variant--
> PSS Security Response Team Alert - New E-Mail Worm: W32/Swen@MM
>
> SEVERITY: MODERATE
> DATE: September 18, 2003
> PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
> Web-based e-mail
>
> **********************************************************************
>
> WHAT IS IT?
> W32/Swen@MM spreads via e-mail and network shares. The Microsoft
> Product Support Services Security Team is issuing this alert to advise
> customers to be on the alert for this virus as it spreads in the wild.
> Customers are advised to review the information and take the appropriate
> action for their environments.
>
> IMPACT OF ATTACK: Mass Mailing, disabling processes related to security
> software such as antivirus and firewall software
>
> TECHNICAL DETAILS:
> For additional details on this worm from anti-virus software vendors
> participating in the Microsoft Virus Information Alliance (VIA) please
> visit the following links:
>
> Network Associates:
>
> http://vil.nai.com/vil/content/v_100662.htm
>
> Trend Micro:
>
> http://www.trendmicro.com/vinfo/viru...VName=WORM_SWE
> N.A
>
> Symantec
>
> http://(E-Mail Removed)
> ml
>
> Computer Associates:
>
> http://www3.ca.com/virusinfo/virus.aspx?ID=36939
>
> For more information on Microsoft's Virus Information Alliance please
> visit this link: http://www.microsoft.com/technet/security/virus/via.asp
>
>
> Please contact your Antivirus Vendor for additional details on this
> virus.
>
>
> PREVENTION:
>
> 1. This worm is exploiting a previously patched vulnerability. The
> vulnerability exploited is related to the following Microsoft Security
> Bulletin:
> http://www.microsoft.com/technet/sec...n/ms01-020.asp
>
> As always, customers are advised to install the latest security patch
> for Internet Explorer. Information on the latest cumulative security
> patch for
> Internet Explorer can be found here:
> http://www.microsoft.com/technet/sec...n/MS03-032.asp
>
> 2. Outlook 2000 post SP2 and Outlook XP SP1 include the most recent
> updates to improve the security in Outlook and other Office programs.
> This includes the functionality to block potentially harmful attachment
> types. If you are running either of these versions, they will (by
> default) block the attachment, and you will be unable to open it.
>
> To ensure you are using the latest version of Office click here:
> http://office.microsoft.com/ProductUpdates/default.aspx
>
> By default, Outlook 2000 pre SR1 and Outlook 98 did not include this
> functionality, but it can be obtained by installing the Outlook E-mail
> Security Update. More information about the Outlook E-mail Security
> Update can be found here:
>
> http://office.microsoft.com/Download.../Out2ksec.aspx
>
> Outlook Express 6 can be configured to block access to
> potentially-damaging attachments. Information about how to configure
> this can be found here:
>
> http://support.microsoft.com/default...;en-us;Q291387
>
> Outlook Express all other versions: Previous versions of Outlook Express
> do not contain attachment-blocking functionality. Please exercise
> extreme caution when opening unsolicited e-mail messages with
> attachments.
>
> Web-based e-mail programs: Use of a program-level firewall can protect
> you from being infected with this virus through Web-based e-mail
> programs.
>
> RECOVERY:
> If your computer has been infected with this virus, please contact your
> preferred antivirus vendor or Microsoft Product Support Services for
> assistance with removing it.
>
> TECHNET SECURITY LINK:
> http://www.microsoft.com/technet/sec...lerts/swen.asp
>
> As always please make sure to use the latest Anti-Virus detection from
> your Anti-Virus vendor to detect new viruses and their variants.
>
> If you have any questions regarding this alert please contact your
> Microsoft representative or 1-866-727-2338 (1-866-PCSafety) within the
> US, outside of the US please contact your local Microsoft Subsidiary.
> Support for virus related issues can also be obtained from the Microsoft
> Virus Support Newsgroup which can be located by clicking on the
> following link
> news://msnews.microsoft.com/microsof...security.virus.
>
> PSS Security Response Team
>
> --
> Larry Samuels MS-MVP (Windows-Shell/User)
> Associate Expert
> Unofficial FAQ for Windows Server 2003 at
> http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
> Expert Zone - www.microsoft.com/windowsxp/expertzone
>
> "Michael O'Connor" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > that this worm is running loose is not new - i got multiple emails in a
4
> > month period, but ignored them all because i knew it smelled either a
hoax
> > or a virus.
> >
> >
> > "Chris Lanier" <(E-Mail Removed)> wrote in message
> > news:ukKT%(E-Mail Removed)...
> > > Virus Masquerading as Microsoft E-Mail - A new mass-mailing virus is
on
> > the
> > > loose on the Internet, this one masquerading as a message from
Microsoft
> > > Corp. about a cumulative security patch. Known as either Swen or Gibe,
> the
> > > virus arrives in an e-mail message with a subject line of "Microsoft
> > > Critical Patch" and an executable attachment.
> > >
> > > [Reminder: Microsoft NEVER sends emails with attachments to general
> > users.]
> > >
> > > http://www.eweek.com/article2/0,4149,1273249,00.asp
> > >
> > >
> >
> >
>
>

I feel very lucky to have a ISP that filters all spam and potential virus
messages and allows me to view and then delete from their server.

Joel

"Michael O'Connor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> that this worm is running loose is not new - i got multiple emails in a 4
> month period, but ignored them all because i knew it smelled either a hoax
> or a virus.
>
>
> "Chris Lanier" <(E-Mail Removed)> wrote in message
> news:ukKT%(E-Mail Removed)...
> > Virus Masquerading as Microsoft E-Mail - A new mass-mailing virus is on
> the
> > loose on the Internet, this one masquerading as a message from Microsoft
> > Corp. about a cumulative security patch. Known as either Swen or Gibe,
the
> > virus arrives in an e-mail message with a subject line of "Microsoft
> > Critical Patch" and an executable attachment.
> >
> > [Reminder: Microsoft NEVER sends emails with attachments to general
> users.]
> >
> > http://www.eweek.com/article2/0,4149,1273249,00.asp
> >
> >
>
>

Don't depend on them totally, they can't filter a new virus
for a day or so, until they have written a code to detect
and clean it.


"Joel Estes" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
| I feel very lucky to have a ISP that filters all spam and
potential virus
| messages and allows me to view and then delete from their
server.
|
| Joel
|
| "Michael O'Connor" <(E-Mail Removed)> wrote in
message
| news:(E-Mail Removed)...
| > that this worm is running loose is not new - i got
multiple emails in a 4
| > month period, but ignored them all because i knew it
smelled either a hoax
| > or a virus.
| >
| >
| > "Chris Lanier" <(E-Mail Removed)> wrote in
message
| > news:ukKT%(E-Mail Removed)...
| > > Virus Masquerading as Microsoft E-Mail - A new
mass-mailing virus is on
| > the
| > > loose on the Internet, this one masquerading as a
message from Microsoft
| > > Corp. about a cumulative security patch. Known as
either Swen or Gibe,
| the
| > > virus arrives in an e-mail message with a subject line
of "Microsoft
| > > Critical Patch" and an executable attachment.
| > >
| > > [Reminder: Microsoft NEVER sends emails with
attachments to general
| > users.]
| > >
| > > http://www.eweek.com/article2/0,4149,1273249,00.asp
| > >
| > >
| >
| >
|
|

Thanks for the advice, however, I do have Norton, but not too sure if they
are ahead of the ISP or the ISP is ahead of them. Either way, I don't care
as long as it does not reach my computer.
So far the ISP has caught all of them and so do not know if the AV would
have done the job or not.

Joel

"Jim Macklin" <p51mustang-spoof-(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Don't depend on them totally, they can't filter a new virus
> for a day or so, until they have written a code to detect
> and clean it.
>
>
> "Joel Estes" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> | I feel very lucky to have a ISP that filters all spam and
> potential virus
> | messages and allows me to view and then delete from their
> server.
> |
> | Joel
> |
> | "Michael O'Connor" <(E-Mail Removed)> wrote in
> message
> | news:(E-Mail Removed)...
> | > that this worm is running loose is not new - i got
> multiple emails in a 4
> | > month period, but ignored them all because i knew it
> smelled either a hoax
> | > or a virus.
> | >
> | >
> | > "Chris Lanier" <(E-Mail Removed)> wrote in
> message
> | > news:ukKT%(E-Mail Removed)...
> | > > Virus Masquerading as Microsoft E-Mail - A new
> mass-mailing virus is on
> | > the
> | > > loose on the Internet, this one masquerading as a
> message from Microsoft
> | > > Corp. about a cumulative security patch. Known as
> either Swen or Gibe,
> | the
> | > > virus arrives in an e-mail message with a subject line
> of "Microsoft
> | > > Critical Patch" and an executable attachment.
> | > >
> | > > [Reminder: Microsoft NEVER sends emails with
> attachments to general
> | > users.]
> | > >
> | > > http://www.eweek.com/article2/0,4149,1273249,00.asp
> | > >
> | > >
> | >
> | >
> |
> |
>
>

they do get thru the ISPs. they do. these posts are proof of that.

m

"Joel Estes" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Thanks for the advice, however, I do have Norton, but not too sure if they
> are ahead of the ISP or the ISP is ahead of them. Either way, I don't
care
> as long as it does not reach my computer.
> So far the ISP has caught all of them and so do not know if the AV would
> have done the job or not.
>
> Joel
>
> "Jim Macklin" <p51mustang-spoof-(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > Don't depend on them totally, they can't filter a new virus
> > for a day or so, until they have written a code to detect
> > and clean it.
> >
> >
> > "Joel Estes" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> > | I feel very lucky to have a ISP that filters all spam and
> > potential virus
> > | messages and allows me to view and then delete from their
> > server.
> > |
> > | Joel
> > |
> > | "Michael O'Connor" <(E-Mail Removed)> wrote in
> > message
> > | news:(E-Mail Removed)...
> > | > that this worm is running loose is not new - i got
> > multiple emails in a 4
> > | > month period, but ignored them all because i knew it
> > smelled either a hoax
> > | > or a virus.
> > | >
> > | >
> > | > "Chris Lanier" <(E-Mail Removed)> wrote in
> > message
> > | > news:ukKT%(E-Mail Removed)...
> > | > > Virus Masquerading as Microsoft E-Mail - A new
> > mass-mailing virus is on
> > | > the
> > | > > loose on the Internet, this one masquerading as a
> > message from Microsoft
> > | > > Corp. about a cumulative security patch. Known as
> > either Swen or Gibe,
> > | the
> > | > > virus arrives in an e-mail message with a subject line
> > of "Microsoft
> > | > > Critical Patch" and an executable attachment.
> > | > >
> > | > > [Reminder: Microsoft NEVER sends emails with
> > attachments to general
> > | > users.]
> > | > >
> > | > > http://www.eweek.com/article2/0,4149,1273249,00.asp
> > | > >
> > | > >
> > | >
> > | >
> > |
> > |
> >
> >
>
>