A new email worm has emerged in the last few days that uses some very clever – and nasty – social engineering to encourage users to open an infectious attachment.

Known as Swen, this virus is very similar to most viruses over the last few years – it spreads via email, and requires the user to open an attachment to become infected. Due to a vulnerability uncovered in March 2001, some people running Internet Explorer 5.1-5.5 and Outlook Express 5 who have not patched their systems may have the attachment automatically execute when they open or preview the message.

The devilish part about this email is that it pretends to come from Microsoft or some other authoritative source telling you in very professional terms that it is a patch for various versions of Windows, and that you should open the attachment.

To protect yourself, make sure you are running the most patched versions of your software by visiting www.WindowsUpdate.com This will reduce your risk because you will not accidentally auto-execute the virus.

Most importantly, however, NEVER OPEN .EXE ATTACHMENTS – no matter who they are from. Executable files (often of the form .exe, .com, .pif, .scr or .vbs) allow whoever wrote the program to do anything they like to your machine. Never open these sorts of file when they arrive via email, because the odds are very high they contain a virus or something threatening.

If you think you may have been infected, the safest thing to do is run the removal tool from Symantec from http://www.sarc.com/avcenter/venc/data/w32.swen.a@mm.removal.tool.html

This virus is known to affect all versions of Windows, but unlike previous threats like Blaster, you actually have to invite it onto your system.

In addition to email, it can also infect you through IRC (a chat application) - if someone in IRC tries to send you a file with an executable attachment, don't open it!

Finally, the virus will also try to propogate through Kazzaa, a popular peer-to-peer file sharing program. The way it works is by creating versions of the virus itself in the shared folder, and giving them a range of file names that may be appealing to other users, in the hope that these other users will download the files and run them themselves.