Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > DVD Video > off topic, swen virus

Reply
Thread Tools

off topic, swen virus

 
 
digitalgliff
Guest
Posts: n/a
 
      09-26-2003
The virus that mails itself as a microsoft patch. Im getting like 50 a day.
I read that people who post on Usenet get these mailers allot.


 
Reply With Quote
 
 
 
 
TSKO
Guest
Posts: n/a
 
      09-26-2003
I have been getting hit....like many other ppl.....well...until I read the
following post in another newsgroup.......read it and give it a try...in 24
hrs I have not recieved any of the virus emails..

Greetings,

since Swen.A first appeared in the wild around September 18th 2003,
many people have asked how to filter the emails Swen wildly sends to
just about everyone who ever posted in any newsgroup. It's a bit
tricky, at first glance it seems impossible, but it can be done.

Here's how.

Swen emails unfortunately differ in From-, To- and Subject-field, but
you will always find your own valid email-address in the
Envelope-to-field of the email's header. OE unfortunately is unable to
filter emails by the Envelope-to-content, but this doesn't matter. If
you read the above carefully you see that:

Every email that arrives in your inbox and does NOT have your valid
email address in the To- or CC-field is almost guaranteed to be a
Swen-mail (exceptions see below).

To filter them out, do the following (tested with OE 6, earlier
versions may need a slightly different process):



*** BEGIN ***



(Thanks to Phil who helped me with using the correct English names as I
use the German version of OE - the following is a quote from his email)

Open the email rules: Tools\Message Rules\Mail

Create a new rule.

In the first window (Select the conditions for your rule) select the
following:
-Where the To line contains people
-Where the CC line contains people

In the second window (Select the Actions for your rule) select the
following:
-Delete it from server

In the third window (Rule Description...)
-Click on "contains people" and enter your email address, then click on
"Add"
-Your email has now been added, select the email address and click on
"Options"
-Select the second radio button "Message does not contain the people
below"
then "OK" to close.

(end quote from Phil)



*** END ***



Presto - you're done! OE will still have to download the _header_ data,
but not the message body with its 150K worm executable. Ergo you have
much less problems.

NOTE THE FOLLOWING:

Mailing lists - at least all lists I know - use a very similar
procedure to send their contents to you, inserting your valid address
in the Envelope-to-field and the basic email address of the list in the
To-field, along with usually adding a list-typical string to the
subject. Obviously this will create false positives with the
above-mentioned email rule that would delete the list messages along
with Swen.
Therefore, if you participate in mailing lists, I suggest you do the
following:



*** BEGIN ***



If you haven't done so until now, create an extra folder for each of
your lists.

Create one email rule for each of your lists with the following:

Subject contains the list-typical string, To-field contains the basic
list email address
Actions to take: Move to the folder created for that list, do not
process any more rules for that mail.

Move all these rules to somewhere ABOVE the rule that deletes
Swen-mails from the server.

(For the details on doing all this, see the description of the
Swen-filtering rule above)



*** END ***



That way, your mailing list messages will be moved to their own folders
while the pesky Swen mails will die while still on your provider's
server.

Hope to have helped...

Tocis (commoner AT carcosa DOT de)
To reply, include HI-AK 523 in the subject or else your mail will be
deleted!
"digitalgliff" <(E-Mail Removed)> wrote in message
news:4n0db.15266$(E-Mail Removed) link.net...
> The virus that mails itself as a microsoft patch. Im getting like 50 a

day.
> I read that people who post on Usenet get these mailers allot.
>
>



 
Reply With Quote
 
 
 
 
Impmon
Guest
Posts: n/a
 
      09-26-2003
On Fri, 26 Sep 2003 19:23:44 GMT, "digitalgliff"
<(E-Mail Removed)> typed:

>The virus that mails itself as a microsoft patch. Im getting like 50 a day.
>I read that people who post on Usenet get these mailers allot.


Only 50? I'm envious. I've had to add filter in my email program to
delete anything with attachment, I've been getting about 500 a day since
Thursday last week.
----
space for rent.
 
Reply With Quote
 
news.bellatlantic.net
Guest
Posts: n/a
 
      09-27-2003

"digitalgliff" <(E-Mail Removed)> wrote in message
news:4n0db.15266$(E-Mail Removed) link.net...
> The virus that mails itself as a microsoft patch. Im getting like 50 a

day.
> I read that people who post on Usenet get these mailers allot.
>
>


Yes I just added mailwasher to my progs as I was getting between 60-70 a
day. All of a sudden they stopped. Got to be usenet as my addy is
undisclosed. Anyway after using for over a week i will keep the program I
recommend mailwasher as it enabvles you to screen your mail from the server
before you dl it to your machine.


 
Reply With Quote
 
Steve(JazzHunter)
Guest
Posts: n/a
 
      09-27-2003
On Fri, 26 Sep 2003 23:46:33 GMT, Impmon <(E-Mail Removed)> wrote:

>On Fri, 26 Sep 2003 19:23:44 GMT, "digitalgliff"
><(E-Mail Removed)> typed:
>
>>The virus that mails itself as a microsoft patch. Im getting like 50 a day.
>>I read that people who post on Usenet get these mailers allot.

>
>Only 50? I'm envious. I've had to add filter in my email program to
>delete anything with attachment, I've been getting about 500 a day since
>Thursday last week.


Er, you might want to both remove your correct email address from the
usenet client headers, since the worm mines Usenet posts for
addresses. I was getting over 800 Swen emails a day until I removed
my address, then over a period of a couple of days afterwards it
tapered off to virtually nothing as the corporate servers infected
with the virus were cleaned up, and I'm now getting no new infected
emails.

. Steve ..
>----
>space for rent.


 
Reply With Quote
 
Impmon
Guest
Posts: n/a
 
      09-27-2003
On Sat, 27 Sep 2003 08:06:33 -0400, "Steve(JazzHunter)"
<(E-Mail Removed)> typed:

>Er, you might want to both remove your correct email address from the
>usenet client headers, since the worm mines Usenet posts for
>addresses.


I'll give that a try.
--
space for rent.
To reply, change digi.mon to tds.net
 
Reply With Quote
 
Richard C.
Guest
Posts: n/a
 
      09-27-2003
"Impmon" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
: On Fri, 26 Sep 2003 19:23:44 GMT, "digitalgliff"
: <(E-Mail Removed)> typed:
:
: >The virus that mails itself as a microsoft patch. Im getting like 50 a day.
: >I read that people who post on Usenet get these mailers allot.
:
: Only 50? I'm envious. I've had to add filter in my email program to
: delete anything with attachment, I've been getting about 500 a day since
: Thursday last week.
: ----
: space for rent.

===============
How do you guys rate this attention?

I have not received a single one.....................


 
Reply With Quote
 
Bobby Henderson
Guest
Posts: n/a
 
      09-27-2003
"digitalgliff" <(E-Mail Removed)>
wrote in message
news:4n0db.15266$(E-Mail Removed) link.net...
> The virus that mails itself as a microsoft patch. Im getting like 50 a

day.
> I read that people who post on Usenet get these mailers allot.


I was getting around 200 to 300 copies per day, but lately it has been
tapering off. As a safeguard, I have been screening e-mail from SBC
Global's web-based system, which puts the bulk of those Sven-mails into the
"Bulk" mail folder. I just hit "delete" and clean them out. I've probably
deleted over 100MB of those things in the last week.

The mass mailing of millions of copies of these worms has really affected
Internet bandwidth performance. Thanks to all the people who don't think
before they click, things are running slow in a lot of places. I had to
argue in stopping one of my coworkers from installing that "Microsoft
Patch." They thought it was the real thing since it looked so official.
Most people don't realize software companies do not e-mail security patches
to you. You have to go get the patches from them. Lots of people pride
themselves on being street smart. Not enough are tranferring street smarts
to the computer.

Bobby Henderson


 
Reply With Quote
 
Hugh Candlin
Guest
Posts: n/a
 
      09-27-2003

Bobby Henderson <(E-Mail Removed)> wrote in message news:kfodb.2153$(E-Mail Removed) m...
> "digitalgliff" <(E-Mail Removed)>
> wrote in message
> news:4n0db.15266$(E-Mail Removed) link.net...
> > The virus that mails itself as a microsoft patch. Im getting like 50 a

> day.
> > I read that people who post on Usenet get these mailers allot.

>
> I was getting around 200 to 300 copies per day, but lately it has been
> tapering off. As a safeguard, I have been screening e-mail from SBC
> Global's web-based system, which puts the bulk of those Sven-mails into the
> "Bulk" mail folder. I just hit "delete" and clean them out. I've probably
> deleted over 100MB of those things in the last week.
>
> The mass mailing of millions of copies of these worms has really affected
> Internet bandwidth performance. Thanks to all the people who don't think
> before they click, things are running slow in a lot of places. I had to
> argue in stopping one of my coworkers from installing that "Microsoft
> Patch."


Next time, just show them this

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/an...icate_mail.asp


 
Reply With Quote
 
Steve Knoblock
Guest
Posts: n/a
 
      09-27-2003

"Bobby Henderson" <(E-Mail Removed)> wrote in message
news:kfodb.2153$(E-Mail Removed) m...
> "digitalgliff" <(E-Mail Removed)>
> wrote in message


> argue in stopping one of my coworkers from installing that "Microsoft
> Patch." They thought it was the real thing since it looked so official.


Why don't you show them how easy it is to view source, copy and paste in an
HTML email. Anyone can send an "official looking" email for god's sake.

Steve



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
swen dying off T.N.O. - Dave.net.nz NZ Computing 11 03-04-2004 01:26 AM
Swen virus tapering off? Sue Bilstein NZ Computing 4 11-21-2003 10:29 AM
[SWEN tiny FAQ] How to filter out Swen emails with M$ Outlook Express Thore Schmechtig Computer Security 17 09-27-2003 01:50 PM
[SWEN tiny FAQ] How to filter Swen mails with M$OE 6 Thore Schmechtig Computer Security 19 09-27-2003 03:26 AM
Swen virus - Block Message Rule - How To... Boomer Computer Support 11 09-20-2003 03:24 AM



Advertisments