[Esd-l] Fast-spreading worm is hitting us hard

Scott Taylor scott at dctchambers.com
Sat Sep 20 07:48:22 PDT 2003


At 11:12 PM 09/19/2003, Brett Glass wrote:
>At 07:45 AM 9/19/2003, Robert Wagner wrote:
>
> >http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A
>
>Yes, that's the one. And any institution or ISP that isn't blocking or
>stripping executable attachments is hosed, big time. We're up to several
>thousand copies blocked already.


Trend Micro's weekly virus report, calls this low risk and non-destructive.

<snippet>
2. No Swan Songs - WORM_SWEN.A (Low Risk)

<http://trendnewsletter.rsc03.net/servlet/cc5?lgLQSDYVkJhllxKJlJoHuILjkQJhuVaVW>WORM_SWEN.A 
is a non-destructive, mass-mailing worm that poses as a legitimate email 
from Microsoft Windows Update. In addition to its mass-mailing routine, it 
attempts to propagate via peer-to-peer (P2P) file-sharing networks (such as 
Kazaa), via IRC, and via newsgroups. WORM_SWEN.A also terminates antivirus 
and firewall software running on an infected system. This malware runs on 
Windows 95, 98, NT, ME, 2000, and XP.
</snippet>

What is low risk about it?  I have never seen viruses emailed to this 
account until this virus; and so many!  This account is used mainly for 
administrative mail lists, so obviously some admin types out there are 
opening this virus;  s/admin types/dumb-asses/ or worse: they are running 
Outhouses. =P

What is non-destructive about "WORM_SWEN.A also terminates antivirus and 
firewall software running on an infected system"?  Me thinks they 
contradict them selves, but I don't quite find them detestable yet. ;)

Scott.
    



More information about the esd-l mailing list