system
33
Lars,
This might help clarify things a bit. The worm activates when a victim launches the infected file (double clicking on the file attachment) or when a victim machine’s email application is vulnerable to the IFrame.FileDownload vulnerability (also exploited by the Internet worms Klez and Tanatos). Once run, Swen installs itself in the system and begins its propogation routine. You can download the patch released in March 2001 for the IFrame vulnerability: Microsoft Security Bulletin MS01-20.
The worm blocks many anti-virus programs and firewalls. Its algorithm and parts of the code text are almost identical to that of another Internet worm called I-Worm.Gibe, although the programming language used is different.
From your posts, the swen was activated and starting propagating almost immediately, even as Avast sounded the alarm. The “delete” worked, however, if you study the characteristics of Swen, then you will realize that it spreads quickly, mutates, and can disable some AVs, or “hide” themselves from the AV by changing the format coding.
I also noticed that you said you do not use the Avast mail scanner?
Is this correct? Why don’t you use it? It is one of the best protection features of Avast.
techie