Posted on 22-9-2003

New email worm targets hole in Internet Explorer
20 Oct03

Anti-virus companies warned on Thursday of a new computer worm circulating
through email that purports to be security software from Microsoft Corp.
but actually tries to disable security programs that are already running.

The worm, dubbed "Swen" or "Gibe," takes advantage of a two-year-old hole
in Internet Explorer and affects systems that have not installed a patch
for that security hole, according to internet security company Network
Associates Inc.

The malicious program arrives as an attachment to an email pretending to
contain a patch for holes in Internet Explorer, Outlook and Outlook Express
and then mails itself off to addresses located on the victim's computer.

The worm also can spread over internet relay chat and the KaZaa
peer-to-peer network, as well as copy itself over shared networks, Network
Associates said.

When it infects a computer it alerts a website that appears to be counting
the infections, according to Symantec Corp., another internet security
outfit. The number of the counter was near 760,000 by Thursday afternoon.

Network Associates rated the worm a low risk for corporate users and a
medium risk for home users. The company and rival Symantec, among others,
were offering anti-virus updates that detects and removes the worm.

Microsoft has cautioned customers in the past against email software
updates, saying it does not distribute patches that way but rather directs
them to its website.

Users of Internet Explorer... or any Microsoft product whatsoever, should
regularly go to www.microsoft.com/downloads/ to view latest of a
never-ending series of patches and bug-fixes. There is an `auto-update'
facility which would be a prudent thing to use.