September 22, 2003

Worm.Automat.AHB aka Swen

We had several detections of the Worm.Automat.AHB. Interestingly this has now been renamed W32.Swen.A@mm. I checked the server that gets updates every night and it was using definitions dated 18th September (which catches this worm) and despite it updating every night, it hadn't downloaded the definitions dated 19th September which according to Symantec's Virus watch page detects 5 more new virus's

Posted by Andy at September 22, 2003 9:51 AM
Comments

Set the update to Hourly?
;)

Posted by: Kevin at September 22, 2003 10:42 AM

I'm waiting for the next variant, the Goran-Eriksson virus.

Posted by: Neil T. at September 22, 2003 2:00 PM

can't do hourly, at least not without batch file programming :-)
And that is what I was thinking Neil!

Posted by: Me at September 23, 2003 12:18 PM

Are the virus definitions on the server being downloaded with LiveUpdate?

Definitions available for LiveUpdate are not released every day. (I don't know why)


You have to download and install the definitions "manually"

http://securityresponse.symantec.com/avcenter/defs.download.html

Posted by: Jason at September 24, 2003 1:22 PM

I'm not too worried about infection. I don't use MS Outlook, I use yahoo!

I can scan anything before downloading it, but there are SO MANY people sending me the worm that it takes up space in my mailbox.

BUT, I found something interesting. I've discovered that some of the people sending them are from Slovakia (Slovak Republic).

Check out my link, or copy and paste this to the address bar. It starts out silly, but it has good info for reporting IP Addresses:

http://www.geocities.com/khyron_4/worms.html

Posted by: Phillip at September 24, 2003 7:35 PM

Does this mean that Slovaks aren't bright enough to avoid opening suspicious attachments?

Posted by: annonymous at September 26, 2003 2:08 AM