Order / Renew Products Download Support Virusinfo E-Mail Alerts Partners About

8 October 2003
New versions of F-Prot Antivirus released
FRISK Software international has released version 4.2.0 of F-Prot Antivirus for BSD
8 October 2003
New version of F-Prot Antivirus released
Version 3.14b of F-Prot Antivirus for DOS has been released
6 October 2003
New version of F-Prot Antivirus released
Version 3.14b of F-Prot Antivirus for Windows has been released

6 October 2003
W32/Qhost.A, a trojan that spreads via infectious websites
This trojan is designed to allow an attacker to remotely hijack your browser

for Application / Script viruses and Trojans:

for Document / Office / Macro viruses:
 

W32/Swen.A@mm, a very legitimate looking worm

18 September 2003

W32/Swen.A@mm (a.k.a. W32/Gibe.F@mm) is a new mass-mailing worm that infects via e-mails falsely claiming to be from Microsoft. It also claims to provide a new version of a security patch provided by Microsoft earlier this month.

Microsoft, however, has a policy of never distributing software via e-mail and advises users receiving e-mails claiming to contain software from Microsoft not to run the attachment and to delete such e-mail messages altogether. More information regarding Microsoft's policies on software distribution can be found at Microsoft's website.

The e-mail's text and look are convincing and all links within the message lead to the correct pages at Microsoft's website, so it is not surprising that this worm is now spreading fast.

Recommended Reactions

Users are urged to update their virus signature files for F-Prot Antivirus. W32/Swen.A@mm is detected by virus signature files dated 18 September or later.

After updating the virus signature files, users should scan their whole system with the F-Prot Antivirus OnDemand scanner to ensure that their computer security was not compromised before the virus signature files were updated.

Threat Description

As well as spreading via e-mail the worm also attempts to spread via KaZaA and IRC file-sharing networks. On infecting a computer the worm attempts to terminate any known antivirus and firewall software that it finds running.

Please note that if the patch discussed in Microsoft Security Bulletin MS01-027 (Q295106, Q299618) has not been applied then the attachment will be executed automatically as soon as the e-mail is opened. The patch prevents this automatic execution of the attachment but will not prevent infection if the attachment is opened manually.

For more information on W32/Swen.A@mm please see the technical description.

Threat Detection

The latest versions of F-Prot Antivirus detect W32/Swen.A@mm using virus signature files dated 18 September or later.

FRISK Software International is a leading developer of anti virus software and anti spam filtering services. FRISK Sofware International's anti virus computer software, F-Prot Antivirus, is available for various operating systems such as Linux, BSD, Windows, and AIX as well as the Microsoft Exchange groupware. The company also offers F-Prot AVES, the anti spam and anti virus filtering service.



Products for Corporate Users:

F-Prot Antivirus Alert Service
F-Prot AVES E-mail Service
F-Prot Antivirus for Windows
F-Prot Antivirus for Exchange
F-Prot Antivirus for Linux
F-Prot Antivirus for BSD
F-Prot Antivirus for AIX
F-Prot Antivirus for DOS
Products for Home Users:

F-Prot Antivirus Alert Service
F-Prot Antivirus for Windows
F-Prot Antivirus for Linux
F-Prot Antivirus for BSD
F-Prot Antivirus for DOS
Downloads:

F-Prot Antivirus for Windows
F-Prot Antivirus for Exchange
F-Prot Antivirus for Linux
F-Prot Antivirus for BSD
F-Prot Antivirus for AIX
F-Prot Antivirus for DOS
Latest Threats:

W32/Swen.A@mm
W32/Sobig.F@mm
W32/Dumaru.A@mm
W32/Nachi.A
W32/Msblast.D