frank arrigo meets blogger

Saturday, September 20, 2003

Email worm masquerades as protector

Anti-virus companies have warned of a new computer worm circulating through email that purports to be security software from Microsoft Corp but actually tries to disable security programs that are already running.
The worm, dubbed 'Swen' or 'Gibe', takes advantage of a two-year-old hole in Internet Explorer and affects systems that have not installed a patch for that security hole, according to the internet security company Network Associates Inc.

The malicious program arrives as an attachment to an email pretending to contain a patch for holes in Internet Explorer, Outlook and Outlook Express and then mails itself off to addresses located on the victim's computer.
The worm also can spread over internet relay chat and the KaZaa peer-to-peer network, as well as copy itself over shared networks, Network Associates said.

When it infects a computer it alerts a website that appears to be counting the infections, according to Symantec Corp, another internet security outfit. The number of the counter was near 760,000 yesterday, Sydney time.

Network Associates rated the worm a low risk for corporate users and a medium risk for home users. The company and rival Symantec, among others, were offering anti-virus updates that detects and removes the worm.

Microsoft has cautioned customers in the past against email software updates, saying it does not distribute patches that way but rather directs them to its website.