HP3000-L Archives

September 2003, Week 3

HP3000-L@RAVEN.UTC.EDU

Date: Sat, 20 Sep 2003 01:17:36 -0500

 It's just another worm exploiting holes in Microsoft's alleged software:

   http://www.f-secure.com/v-descs/swen.shtml
   F-Secure Computer Virus Information Pages: Swen


  "...Spreading in e-mails and to newsgroups

   The worm periodically scans HTML and ASP files on a hard drive and
   stores found e-mail addresses in the GERMS0.DBV file located in the
   Windows folder. The worm also reads .EML, .DBX, .WAB, and .MBX files
   and fetches e-mail addresses from there. The worm does not fetch
   addresses containing 'delete' and 'spam' strings.

   The worm also can search for e-mail addresses in various newsgroups.
   It connects to NNTP servers listed in the SWEN1.DAT file, gets a list
   of all newsgroups on that server and searches recent messages in these
   newsgroups for 'nfrom:' and 'nreply-to:' tags. When such tags are
   found, the worm gets e-mail addresses after them and writes them to
   the GERMS0.DBV file. This way the worm can harvest a lot of e-mail
   addresses to send itself to.

   The worm can post its e-mails to newsgroups, the names of which it
   finds during the searching process. The worm sends the same kind of
   messages as it sends via e-mail.

   The worm reads SMTP server address and user name from the Registry.
   However, if it can't find this info, it shows a fake MAPI error dialog
   asking a user to input that data:

   The worm sends itself in very legitimate-looking messages that are
   composed from different text strings hardcoded in the worm's body.
   Here is an example of such message:..."


--Jerry Leslie
  Note: [log in to unmask] is invalid for email

 "Outlook is a piece of software for giving remote access by
  email to all the bugs in Internet Explorer !"

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
