Posted by : Deepak Vasudevan Friday, September 19, 2003
A new virus/worm seems to be spreading W32.Swen.A@mm I just checked the Symantec URL and here are the details:
Perhaps SpamPal is a savior in these cases with its HtmlModify Plugin since all bad attachments are renamed as plain text files that only Notepad can open. The worm seems be bit powerful, since it also deactivates Network Firewalls from being functional, as the Symantec WebPage claims. While SpamPal cordons off one way for the worm spreading (the 70% communication medium), the worm also seems to spread via Network shares. Perhaps care should be taken in exercising logon attempts at remote workstations using logon credentials with administrative privileges like accessing network shares using administrative shares, since if the system used to access administrative share is infected, then the worm may drop a copy of the same onto the target subsystem. I am not sure whether the worm does this, so if you have a comment, why not update as a comment out here.