A new e-mail worm has started to spread quickly, taking advantage of an Internet Explorer vulnerability that was first disclosed two years ago.
The bug, which has been alternately dubbed Swen and Gibe.F, appears to exploit a flaw that Microsoft first disclosed in a March 2001 security bulletin.

Ken Dunham, manager of malicious code intelligence for Reston, Va.-based iDefense, said that Swen preys upon people's best intentions, appearing as an e-mail that purports to be a security update from Microsoft.

The worm is programmed to send an official-looking e-mail that says it contains a "cumulative patch" for several Internet Explorer, Outlook and Outlook Express vulnerabilities.


A Microsoft representative noted that the software maker does not send out patches as e-mail attachments.

In addition to spreading via e-mail, experts said, Swen can be transmitted over services such as Internet relay chat (IRC) and through peer-to-peer networks. The virus turns on file sharing--if it is not already turned on--and creates a shared directory with multiple copies of itself under various file names, said Kevin Haley, a group product manager at Symantec Security Response. Among the files Swen tries to disguise itself as are virus removal tools.

More at (http://zdnet.com.com/2100-1104_2-507...ag=zdnnfd.main)

Security Bulletin