Fact Check


Information about the Swen-A worm.

Published Sept. 19, 2003


Virus name:   Swen-A.

Status:   Real.

Example:   [Collected on the Internet, 2003]

  All Products | Support |
Search |
Microsoft.com Guide  
Microsoft Home  

Microsoft Customerthis is the latest version of
security update, the "September 2003, Cumulative Patch" update which
resolves all known security vulnerabilities affecting MS Internet
Explorer, MS Outlook and MS Outlook Express as well as three new
vulnerabilities. Install now to maintain the security of your computer
from these vulnerabilities, the most serious of which could allow an
malicious user to run executable on your computer. This update includes
the functionality of all previously released patches.

  System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and laterMS
Outlook, version 8.00 and laterMS Outlook Express, version 4.01 and
Recommendation Customers should install the patch at the earliest
How to install Run attached file. Choose Yes on displayed dialog
How to use You don't need to do anything after installing
this item.

Microsoft Product Support Services and Knowledge Base
articles can be found on the Microsoft Technical Support web site. For security-related
information about Microsoft products, please visit the Microsoft Security
web site, or Contact Us. Thank you for using Microsoft
Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable to
respond to any replies.

The names of the actual companies and products
mentioned herein are the trademarks of their respective owners.

Contact Us   |   Legal   |  
©2003 Microsoft Corporation. All rights
reserved. Terms of
 |  Privacy

Origins:   Swen-A is another virus delivery disguised as a Microsft Security update mailing, a mass-mailing worm which uses its own SMTP engine to spread itself by e-mail (and through file-sharing networks) and attempts to kill antivirus and personal firewall programs. (As Microsoft has often warned their customers, they never distribute software directly via e-mail.)

The text of the message is as quoted above. Swen-A generally uses combinations of the adjectives "New(est)," "Current," "Latest," and "Critical" with "Patch," "Pack," "Upgrade" and "Update" (modified by "Internet," "Net(work)," "Microsoft," and "Security") to form subject lines such as the following:

  • patch

  • New Microsoft Critical Patch

  • Current Microsoft Critical Patch

  • Current Critical Patch

  • Current Network Patch

  • Current Network Critical Upgrade

  • Current Net Security Pack

  • New Microsoft Security Pack

  • Current Microsoft Security Update

  • Microsoft Critical Patch

  • Newest Net Security Update

  • Newest Net Security Pack

  • Latest Net Security Patch

  • New Network Upgrade

  • Newest Pack

  • Last Internet Critical Update

  • Latest Critical Pack

  • Latest Critical Upgrade

  • Latest Microsoft Security Update

  • Newest Patch

  • Newest Net Update

  • New Network Update

  • New Net Critical Update

The attachment filename is usually a combination of "Installer," "upgrade," "update," "pack," or the letter "Q" followed by a string of digits (or letters), to which the extension ".exe" is appended, producing names such as the following:

  • patch.exe

  • Installer8.exe

  • Installer64.exe

  • upgrade3871.exe

  • install8.exe

  • Qemf.exe

  • Qmhf.exe

  • Q262891.exe

  • Q566953.exe

  • Q551852.exe

  • pack.exe

  • pack73.exe

  • update.exe

  • update88.exe

This virus is similar in function to last year's Gibe worm and exploits a software flaw for which Microsoft provides a genuine patch. Symantec has also made a Swen-A removal tool available on its web site.

Additional Information:

    W32.Swen.A W32.Swen.A@mm   (Symantec)

Last updated:   29 January 2008

David Mikkelson founded the site now known as snopes.com back in 1994.