Add Title Here

Quick Find

Get Informed

Get Moving

What to Do Next

Get Help

	Submit an online Remedy Work Order
	Send email to helpdesk@umbc.edu

Gibe-F / Swen / Swen.A Worm (09-18-2003)

Affects:

All Windows Operating Systems
Internet Explorer versions 5.01, 5.5

Type:

Worm

Threat:

Run code of attacker's choice;
Typically replicates via email and network shares, IRC, and Kazaa

Fix:

McAfee with DAT 4294 (or greater)

Download and install appropriate patches, then reboot

Incorrect MIME Header Can Cause IE to Execute E-mail Attachment

Current Cumulative Patch for Internet Explorer (updated 09.08.2003)

Vendor Reports: Gibe-F / Swen

	McAfee's report
	F-Secure's description
	TrendMicro's details
	Sophos' s analysis
	Symantec's security response

Microsoft's Official Announcements & Press Releases

TechNet PSS Security Response Team Alert - New E-Mail Worm: W32/Swen@MM (updated: 09.18.2003)

Related CVE Entries

Incorrect MIME Header Can Cause IE to Execute E-mail Attachment: CVE-2001-0154 (assigned:05-07-2001)

Update McAfee DAT to most recent available

Try a stand-alone removal tool if you are infected:

McAfee's AVERT Stinger^®

	A "stand-alone utility used to detect and remove specific viruses" including W32/Sobig, W32/SQLSlammer.worm, and W32/Swen@MM
	Instructions, Download, and FAQ

F-Secure's Swen Disinfectant

	"Please make sure you read the SWENTOOL.TXT file before using the disinfection tool. Please note that the tool will only disinfect local infection of Swen worm. It will not disinfect your e-mail databases from infected messages."
	Instructions and Download

OIT Security: Footer

NOTE: " " Indicates a link to an external (non-UMBC)

Last modified: 9/24/2003