Oslo, 19 September 2003
Norman Data Defense Systems today issued a high alert for the new fast-spreading worm W32/Swen.A. This worm spreads through email, networks and chat programs. It uses a vulnerability in unpatched versions of Internet Explorer to execute without the user having to open the email attachment. Microsoft provided a patch for this vulnerability in 2001.
Norman Data Defense Systems released new virus detection files detecting the worm a short time after it was first reported.
Norman Virus Control's new Sandbox technology stopped the worm even before the update, under the general diagnostic W32/P2PWorm. The Sandbox technology has represented a milestone in non-signature based detection of new, unknown viruses. Recent viruses/worms detected by the Sandbox without special signatures include all recent variants of Yaha, Blaster, Randex and Opaserv.
The worm falsifies the email's sender address, making it look like an update from Microsoft. The email's subject, body and file attachment are quite realistic, so users may easily be tricked into opening the attachment. However, Microsoft never distributes updates and patches by unsolicited email.
The worm attacks antivirus and other security software on infected computers, and changes Registry settings so that manual cleaning of the Registry is disabled.
Users are advised to update their antivirus installation with the latest definition files immediately. All Norman Virus Control users with definition files from September 18 or later, and all users who have activated the Sandbox in their email scanners, are protected. A free, stand-alone diagnostic and cleaning tool will soon be available from Norman's web site. More information on W32/Swen.A and other malicious programs is available at www.norman.com.
For further information, please contact:
Steinar Wigtil, Director of R&D, tel. +47 67 10 97 00, mob: +47 41 53 97 29
Norman ASA, Audun Lødemel, tel. +47 671 097 79 / +47 934 465 31