Maybe the nannies should worry a little less about porn on the networks and a little more about hackers and crackers: a new worm, called W32.Swen, has hit cyberspace running toward peer-to-peer, Internet Relay Chat, and other vulnerable networks and network connections, top antivirus and cybersecurity companies began warning late September 18.
Finland's F-Secure, Network Associates, and Norton Antivirus maker Symantec have all put out the warning about Swen, which exploits a Microsoft Internet Explorer security hole posing as a Microsoft security update and, if the user agrees to install the fake update, it alters Windows configurations to launch when Windows is started, disables antivirus features on the affected computer, and mines stored e-mail addresses, detects IRC or Kazaa software applications, and distributes itself on those networks.
That's according to IDG News, which says e-mail messages infected with Swen are made to resemble official Microsoft correspondence from randomly-generated senders like "Technical Assistance" and push a "cumulative" IE patch for "three newly-discovered vulnerabilities."
If it detects Kazaa software on the infected computer, according to F-Secure, Swen kicks the file-sharing feature into operation if it isn't on already, and puts multiple copies of itself into the "Shared Files" folder disguised as Kazaa, pirated, or other popular software applications.
IDG said Swen is similar to an earlier W32 worm, Gibe, which turned up in March and also tried to spread by e-mail, Kazaa, and IRC, also while posing as official Microsoft correspondence or software. F-Secure, in fact, believes Gibe's author is also Swen's author.
