[Esd-l] Fast-spreading worm is hitting us hard
Scott Taylor
scott at dctchambers.com
Sat Sep 20 07:48:22 PDT 2003
At 11:12 PM 09/19/2003, Brett Glass wrote:
>At 07:45 AM 9/19/2003, Robert Wagner wrote:
>
> >http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A
>
>Yes, that's the one. And any institution or ISP that isn't blocking or
>stripping executable attachments is hosed, big time. We're up to several
>thousand copies blocked already.
Trend Micro's weekly virus report, calls this low risk and non-destructive.
<snippet>
2. No Swan Songs - WORM_SWEN.A (Low Risk)
<http://trendnewsletter.rsc03.net/servlet/cc5?lgLQSDYVkJhllxKJlJoHuILjkQJhuVaVW>WORM_SWEN.A
is a non-destructive, mass-mailing worm that poses as a legitimate email
from Microsoft Windows Update. In addition to its mass-mailing routine, it
attempts to propagate via peer-to-peer (P2P) file-sharing networks (such as
Kazaa), via IRC, and via newsgroups. WORM_SWEN.A also terminates antivirus
and firewall software running on an infected system. This malware runs on
Windows 95, 98, NT, ME, 2000, and XP.
</snippet>
What is low risk about it? I have never seen viruses emailed to this
account until this virus; and so many! This account is used mainly for
administrative mail lists, so obviously some admin types out there are
opening this virus; s/admin types/dumb-asses/ or worse: they are running
Outhouses. =P
What is non-destructive about "WORM_SWEN.A also terminates antivirus and
firewall software running on an infected system"? Me thinks they
contradict them selves, but I don't quite find them detestable yet. ;)
Scott.
More information about the esd-l
mailing list