SAN FRANCISCO (09/22/2003) - Anti-virus companies are warning Internet users about W32.Swen, a new worm that spreads using e-mail messages, vulnerable network connections, Internet Relay Chat and peer-to-peer networks.
Swen exploits a security hole in Microsoft Corp.'s Internet Explorer and affects all versions of the Windows operating system, says F-Secure Corp. of Helsinki, Finland.
The worm poses as a software security update from Microsoft, prompting users with "Yes" or "No" buttons to agree to install the update. However, the worm code is installed regardless of what users select. Once on an infected system, Swen alters the Windows operating system configuration so the worm is launched whenever Windows is started.
The worm also detects and disables anti-virus software or other Windows features that could be used to disable it, according to F-Secure.
Like other mass mailing worms, Swen scans an infected machine's hard drive for e-mail addresses and uses those to send out more copies of itself, skimming Simple Mail Transfer Protocol server addresses and user names from Windows. Infected e-mail messages are formatted to look like official correspondence from Microsoft.
Network World is an InfoWorld affiliate.