Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft "Swen" Worm Squiggles Into Sight

Posted by timothy on from the mmm-wriggling dept.

greenhide writes "As forecast in this story, a new Microsoft worm has indeed wriggled to the surface. The W32.Swen's claim to fame is its professional looking email advertisement that pretends to be a fake Microsoft patch. Earlier viruses have made the claim, but none of them looked this good. It appears to have infected over 1.5 million machines. "

2 of 789 comments (clear)

  1. The installer looks genuine too by Stonent1 · · Score: 5, Informative

    Network Assocaites has some screenshots of the installer http://vil.nai.com/vil/content/v_100662.htm

  2. Reject Executable Attachements by KidSock · · Score: 5, Informative

    It's a very good idea these days to just reject all executable attachments at "the gates" so to speak. I use postfix 1.1 so I added:

    body_checks = pcre:/etc/postfix/mime_header_checks

    to /etc/main.cf where the file referenced came from here:

    http://www.securitysage.com/files/mime_header_chec ks

    but there are many regular expression filters like this one. Note, with 2.x you need to use the 'mime_header_checks' directive rather than 'body_checks'.

    If you want to send someone an executable, send it to them in a zip or tar.gz.