Worm Swen (or Gibe) as Microsoft’s "March 2008, Cumulative Patch"

I was too busy in the past weeks and only found time today to face the computer.  What awaits me is lots of spam and some emails with fake message that appears to have been sent from Microsoft, when it is not.  This type of attack often happens when new security updates from Microsoft has been released.  No link to download the file but it is attached in the email with the following filename and filesize:

  • Upgrade.exe
  • q645881.exe

The email subjects:

  • New Microsoft Security Update
  • New Net Pack

This worm is old but obviously in the wild.  Good news is malware scanners will detect it as Swen.A or Gibe worm.


march2008email upgrade vt vt2

Article by Symantec on Swen.A here.

Even though most malware scanners will detect such infections, it is ALWAYS recommended to keep the anti-malware up-to-date.  Also please ensure that your system is fully patched.

Leave a Reply