Worm threatens corporate networks


A worm that passes itself off as a Microsoft security bulletin poses a medium-to-high risk to corporate networks, according to security company Aladdin Knowledge Systems.

Win32.Swen.A, a variant of the Gibe worm, poses as a Microsoft security patch, said Ken Dunham, malicious code intelligence manager at iDefense. It has been intercepted in 66 countries so far, with well over 30,000 interceptions within the first 24 hours noted on public tracking sites. The worm has gained a solid foothold in the US, UK and the Netherlands.

"What's unique about this is that the older one was written in Visual Basic, and this newer worm is a lot more complicated - it is highly randomised and is written in C," Dunham said, warning that the changes make the worm more difficult to detect and filter out manually.

At present, the worm is primarily e-mail based, but Swen can also spread through peer-to-peer and Internet Relay Chat. 

"When it's done, it might also display a screen that's very official looking that tells users they may lose functionality of Outlook and Outlook Express unless you fill in certain information like your server name, your POP3, and your account name and password," he said.

"Once that information is submitted, it doesn't go to Microsoft or anybody else other than the attacker. So they're acquiring a wide variety of e-mail information and that sort of thing that they might want to use in a further attack or to further compromise the affected computers." 

Helsinki-based security company F-Secure rated the worm as a "Level 2" threat, with the potential for a large number of infections. 

Computer Associates, in a statement on its website, gave the Win32.Swen.A worm a "low" rating for destructiveness, but described it as "high" for pervasiveness.

Linda Rosencrance writes for Computerworld
