Win32:Swen and avast

[Mark Carter]

Wow, someone or some people keep emailing me the Win32:Swen virus. They
must really have it bad. I'm getting it really frequently (at least once
an hour). The thing is, Avast keeps popping up a message asking me if I
want to delete the infected message from my inbox. Is there a way I can
get Avast to just silently delete it without keep bothering me?

Anyone else keep receiving the virus?

 

[David H. Lipman]

| Wow, someone or some people keep emailing me the Win32:Swen virus. They
| must really have it bad. I'm getting it really frequently (at least once
| an hour). The thing is, Avast keeps popping up a message asking me if I
| want to delete the infected message from my inbox. Is there a way I can
| get Avast to just silently delete it without keep bothering me?
|
| Anyone else keep receiving the virus?

If you post to UseNet with your TRUE, not a munged, email address then you have invited the
swen Internet worm [aka; W32/Gibe-F] to visit you.

The Swen is news spelled backwards. The reason it is called this is because the Swen worm
harvests email addresses from UseNet News Groups. It has an engine that allows it to post
itself to UseNet News Groups and well as it has its own email engine. From the list of
email addresses that it has harvested, it will then email itself to those addresses.

W32/Swen@MM - http://vil.nai.com/vil/content/v_100662.htm

W32.Swen.A@mm - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]


There are several Internet worms that masquerade as patches from Microsoft. The most common
are; Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft are fully aware of this
problem.

All you can do is...

1. Keep your AV package up-to-date
2. Create email "rules" to auto-delete the offending messages
3. Petition your ISP to install AV software on their respective email servers.
4. Install *all* MS Critical Updates via the Windows Update web site.
5. Always munge your email address when posting to UseNet
6. If all else fails, Change your email address.

Any further questions, post in; alt.comp.virus or alt.comp.anti-virus

 

[André Gulliksen]

Wow, someone or some people keep emailing me the Win32:Swen virus.
They must really have it bad. I'm getting it really frequently (at
least once an hour). The thing is, Avast keeps popping up a message
asking me if I want to delete the infected message from my inbox. Is
there a way I can get Avast to just silently delete it without keep
bothering me?

The free personal edition of Avast! cannot do this, unfortunately. Either
way, you would be way better of if these mails got deleted _before_ you
download your mails. There are two ways of doing this:

1) Get your ISP to scan and delete mails with malicious content.

2) Use software such as Mailwasher (http://www.mailwasher.net/) to delete
unwanted mails without even downloading it. I believe there is a free
version out there, and this program was a life saver for me when I kept
getting around 100 Swen mails per single day. Making a rule to detect and
remove Swen is relatively simple.

I see someone suggested using fake mail addresses on news. This may be a
good idea in the long run, but do not expect this to change anything over
night. Once your real address has been posted, the cat is basically out of
the bag. So unless you also change your address, don't expect any miracles.