Swen Virus - screen shots

The Swen Virus

Just when you think that you've seen everything in a virus, some new terrorist comes along with a devious deviation on an existing idea. It's enough to make the general population of computer users paranoid. And that paranoia is exactly what the creator of the Swen virus is taking advantage of. He (or she?) has written a virus that looks like a message from Microsoft; only it is a bit more compelling than past messages - and it speads in other ways too. It is dangerous because it turns off much of the virus protection you already have. But it can be stopped.

It's actually our paranoia about viruses that make us so susceptible to Swen. We've been conditioned to expect new viruses, and to have to download new patches from Microsoft to update the security of our systems against these viruses and other threats. So it wouldn't seem so out of hand to expect a notice from Microsoft that a new patch is available.

That's exactly what Swen looks like. (Screen Shot) Swen tells you that an update is ready and that you need to install it to secure your system. It even has an attachment. But the attachment is the virus. When you double click on it to save your system, you see a couple dialog boxes which make it look like it is downloading a file from the net. But in actuality, it is infecting your system and changing your system registry so it can recreate itself on login.

The infected system then sends the virus out to people you know, puts itself on shared drives so others on your network (if it isn't a standalone system) can be infected, and makes it possible to share the virus over p2p file sharing systems, including KaZaA, and IRC chat.

To top it off, Swen disables scads of anti-virus and firewall programs that might be protecting your system including Norton, Panda and McAfee anti-virus. So it lowers your protection from further attacks.

It's a little extra touch in Swen that makes me think the writer has "moxie". When Swen infects your system, it ticks off a counter on a server located on the Internet, which tells the writer how many people have been infected.

The Usual Solutions, Plus...

An actual Microsoft patch will protect you from Swen. If you haven't yet installed Internet Explorer patch MS01-020, do it now to correct a flaw that might open the floodgates for Swen and similar viruses. (Shouldn't that be 'viri'?) You can do it through Windows Update. DO NOT accept an attachment from anybody with a supposed Microsoft patch.

Also update your anti-virus software now so it has the latest virus definition files. If you don't have an anti-virus installed, get one immediately - and make sure it is installed on EVERY system you own or use.

Because Swen can be difficult to remove - especially after it turns off your anti-virus software, several vendors offer a special Swen removal tool. Download the tool from your anti-virus software vendor and use it ASAP.

As a precautionary measure, don't open attachments unless they are something you expected. In particular, Microsoft does not send patches via email. If you ever get a message from Microsoft with an attachment, immediately be on guard. If you receive something that you think is real, don't even click on the link in the email. Instead, go to www.microsoft.com using the address field of your web browser. Then use the search function to find the item you want. If it is real, and from Microsoft, you'll find it. Otherwise, it may be a scam, hoax, virus, worm or other security threat.

More about other security issues on MegabyteMinute.com

Megabyte Minute Tip Letter - 1803mbm
Go To Page 3

Spread the word

Please pass this Tip Letter on to others. If you received this from a friend, please sign up for a subscription of your own. It costs you nothing to join. And you'll get the Megabyte Minute Tip Letter right in your own email inbox as soon as it is released. Better yet, subscribe to Spam Slicer. Then subscribe to the Megabyte Minute Tip Letter.

Read it on the web

• Guilty parties abound in download brouhaha

• Johnny Jet Travels

• Typing needed for computers but not PDAs

• Upgrades can have undesired side effects

• Quill Mouse changes the way you scroll

• Failure to get e-mail subscriptions may be on your end

• Looking for DLL in all the right places

• Universities and ISPs React To Subpeonas

• Problems seen with Windows XP security update

• Internet Telephones

Google Links

You'll notice that we have added Google search links on various pages on our new Megabyte Minute web site. Please use them to find additional information about our topic matter. They are specially served by Google to be related to the topic of the page you're reading.

If you don't want to lose your page, instead of left-clicking on the Google link, right-click. Then select [Open in New Window]. A new window will pop up with the Googled page. The Megabyte Minute page will stay open - behind the new window.

Keep The Megabyte Minute Tip Letter Free

We're glad to count you as a subscriber. Please help us pay for the costs of creating and sending the Tip Letter. You can do it in several ways:

1. Purchase Spam Slicer for yourself or your company. (You'll get the benefits of the Home Edition, Family Pack or Small Business Edition. It's perfect for people who subscribe to various newsletters.)
2. Use the Google links on the Megabyte Minute web site.
3. Sponsor our national radio show - Megabyte Minute
4. Purchase cost-effective, targeted advertising in the Tip Letter

David is available for corporate coaching, workshops, and presentations. Find out more by clicking the Contact tab at the top of this page.

MEGABYTE MINUTE TIP LETTER
Issue 1803mbm
Monday, September 29, 2003
---------------------------------
Megabyte Minute, The Radin Report, and TipLetter are trademarks of M. Masters Corporation. All rights reserved. Spam Slicer is a trademark of Spam Slicer LLC. All rights reserved. All other trademarks are owned by their respective companies.