Trend Micro warns rampant Swen worm yet to peak

Security vendor Trend Micro claims the mass mailing Swen worm, which has wreaked havoc across the BigPond network, is likely to make the top 10 list of viruses for 2003, following a dramatic surge in activity across the Internet.

Trend Micro managing director Chris Poulos said while the vendor can't put a quantifiable figure on the number of e-mails infected with the Swen worm being received by its customers, the company has had reports that several of its large corporate customers have received in excess of 50,000 infected e-mails so far.

Both Poulos and newly appointed product marketing manager Clive Wainstein said the worm continues to pick up intensity, and hasn't reached its peak yet.

"We're finding there is an increase with corporations picking this virus up at their gateways," Wainstein said.

The Swen worm (also referred to as Win32.Swen.A), which was first detected by security vendors on 18 September, is disguised as a Windows update bulletin e-mail from Microsoft. The e-mail features an attachment with a .com, .scr, .bat, .pif or .exe file extension. Once activated, the worm copies itself to the computer user's Windows directory, and propagates by targeting e-mail addresses listed in the directory.
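A gateway check of the kind described above, as an added example that is not part of the original article or any vendor's product: it walks every MIME part of a message and flags attachments whose final extension is one of the five the article lists. The function names, addresses and sample messages are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# The attachment extensions the article lists for Swen.
BLOCKED_EXTENSIONS = {".com", ".scr", ".bat", ".pif", ".exe"}


def risky_attachments(raw):
    """Return the filenames of all MIME parts with a blocked final extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()  # decodes RFC 2231 / encoded filenames
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "x.scr." still runs
        # as "x.scr"; normalise before taking the last extension.
        cleaned = name.strip().rstrip(". ").lower()
        ext = os.path.splitext(cleaned)[1]  # "patch.txt.exe" -> ".exe"
        if ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample(filenames):
    """Constructed test message: one placeholder attachment per filename."""
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Constructed sample: security update"
    msg.set_content("Please install the attached update.")
    for fn in filenames:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application",
                           subtype="octet-stream",
                           filename=fn)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample(["notes.txt", "patch.txt.exe", "INSTALL.PIF"])
    for name in risky_attachments(sample):
        print("quarantine:", name)
```

Matching on the last extension after normalisation catches double-extension and mixed-case names, but it is only a filename check; it does not inspect the attachment content.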

Poulos said that although Swen is very similar to the Sobig.F virus in that both are mass mailing worms, "Swen is more clever in social engineering."

"The worm has a very authentic Microsoft Web page, and the attachment masquerades as a security update."

In addition, the Swen worm is different to the Sobig.F worm variant in that it does not target addresses from the user's e-mail address book, but collects addresses through the computer's directory.

Overall, Poulos said there has been a massive surge in virus activity over the past one and a half to two months. Poulos added his "gut feeling" on this year compared to last year is that virus activity has roughly doubled.

The worm is currently at the centre of Telstra BigPond's ongoing e-mail service disruptions. The telco announced on Thursday that the worm had largely contributed to a 20 to 30 per cent increase in the number of e-mails received across its BigPond service, resulting in massive delays in customers receiving and sending e-mails from their BigPond accounts over the past week.

According to Telstra, almost all of its BigPond customers have been affected by the worm - a total of nearly 1.5 million users.