Information about the Swen-A worm.

Virus name:   Swen-A.

Status:   Real.

Example:   [Collected on the Internet, 2003]

  Microsoft   All Products | Support | Search | Microsoft.com Guide  
Microsoft Home   

Microsoft Customer

this is the latest version of security update, the "September 2003, Cumulative Patch" update which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three new vulnerabilities. Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an malicious user to run executable on your computer. This update includes the functionality of all previously released patches.

  System requirements Windows 95/98/Me/2000/NT/XP
 This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
 Recommendation Customers should install the patch at the earliest opportunity.
 How to install Run attached file. Choose Yes on displayed dialog box.
 How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Microsoft products.

Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.

The names of the actual companies and products mentioned herein are the trademarks of their respective owners.

Contact Us   |   Legal   |   TRUSTe
©2003 Microsoft Corporation. All rights reserved. Terms of Use  |  Privacy Statement |  Accessibility

Origins:   Swen-A is another virus disguised as a Microsoft security update mailing. It is a mass-mailing worm that uses its own SMTP engine to spread by e-mail (and through file-sharing networks) and attempts to kill antivirus and personal firewall programs. (As Microsoft has often warned its customers, it never distributes software directly via e-mail.)

The text of the message is as quoted above. Swen-A generally uses combinations of the adjectives "New(est)," "Current," "Latest," and "Critical" with "Patch," "Pack," "Upgrade" and "Update" (modified by "Internet," "Net(work)," "Microsoft," and "Security") to form subject lines such as the following:
  • patch
  • New Microsoft Critical Patch
  • Current Microsoft Critical Patch
  • Current Critical Patch
  • Current Network Patch
  • Current Network Critical Upgrade
  • Current Net Security Pack
  • New Microsoft Security Pack
  • Current Microsoft Security Update
  • Microsoft Critical Patch
  • Newest Net Security Update
  • Newest Net Security Pack
  • Latest Net Security Patch
  • New Network Upgrade
  • Newest Pack
  • Last Internet Critical Update
  • Latest Critical Pack
  • Latest Critical Upgrade
  • Latest Microsoft Security Update
  • Newest Patch
  • Newest Net Update
  • New Network Update
  • New Net Critical Update
The attachment filename is usually a combination of "Installer," "upgrade," "update," "pack," or the letter "Q" followed by a string of digits (or letters), to which the extension ".exe" is appended, producing names such as the following:
  • patch.exe
  • Installer8.exe
  • Installer64.exe
  • upgrade3871.exe
  • install8.exe
  • Qemf.exe
  • Qmhf.exe
  • Q262891.exe
  • Q566953.exe
  • Q551852.exe
  • pack.exe
  • pack73.exe
  • update.exe
  • update88.exe
This virus is similar in function to last year's Gibe worm and exploits a software flaw for which Microsoft provides a genuine patch. Symantec has also made a Swen-A removal tool available on its web site.
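
The subject-line and attachment-name patterns described above can be turned into a simple mail-triage check. The following is an added example, not code from this page or from any antivirus vendor; the word order in the subject pattern is inferred from the listed examples, and the function names, verdict labels and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Word order is inferred from the subject lines listed above (an assumption).
SUBJECT_RE = re.compile(
    r"^\s*(?:(?:New|Newest|Current|Latest|Last)\s+)?"
    r"(?:(?:Internet|Net|Network|Microsoft)\s+)?"
    r"(?:(?:Critical|Security)\s+)?"
    r"(?:Patch|Pack|Upgrade|Update)\s*$", re.IGNORECASE)
# Stem plus optional digits, or "Q" plus digits/letters, then ".exe".
ATTACH_RE = re.compile(
    r"^(?:(?:patch|installer|install|upgrade|update|pack)\d*|q[a-z0-9]+)\.exe$",
    re.IGNORECASE)

def swen_indicators(raw: bytes) -> list:
    """Return the subject/attachment indicators found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = str(msg.get("Subject", "")).strip()
    if SUBJECT_RE.match(subject):
        hits.append("subject:" + subject)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if ATTACH_RE.match(name):
            hits.append("attachment:" + name)
    return hits

def triage(raw: bytes) -> str:
    """quarantine = both indicator kinds, review = one kind, pass = none."""
    kinds = {h.split(":", 1)[0] for h in swen_indicators(raw)}
    return {0: "pass", 1: "review"}.get(len(kinds), "quarantine")

def build_sample(subject, filename=None) -> bytes:
    """Constructed test message; addresses and payload are placeholders."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.invalid", "user@example.invalid"
    m["Subject"] = subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fn in [("Latest Net Security Patch", "Q262891.exe"),
                     ("Meeting notes", "notes.pdf")]:
        print(subj, fn, triage(build_sample(subj, fn)))
```

A single indicator is only routed to review because short names such as "update.exe" or a one-word subject like "patch" also occur in legitimate mail.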

Additional Information:
    W32.Swen.A W32.Swen.A@mm   (Symantec)
Last updated:   29 January 2008


David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.