Less than 24 hours after first being detected, the Swen blended-threat worm picked up steam Friday, gained a foothold in the U.S. and the U.K., and accounted for over 35,000 interceptions by e-mail filtering firm MessageLabs. Swen — also called W32/Swen@MM, Gibe, and W32/Gibe-F — masquerades as e-mail from Microsoft, and purports to carry a security update as its file attachment. The worm can also propagate over Internet Relay Chat (IRC) and peer-to-peer file-sharing networks such as KaZaA, as well as over network shares within the firewall if a machine inside the enterprise is infected. “It is highly effective in spreading because it looks very official and masquerades as a legitimate e-mail from Microsoft, or as a fix tool for a well-known virus,” said Ken Dunham, an analyst with security firm iDefense.