Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > influx of ms virus patch updates

Reply
Thread Tools

influx of ms virus patch updates

 
 
susie
Guest
Posts: n/a
 
      10-19-2003
Hey all
I suddenly seem to be emindated with really helpful MS virus patch updates
and returned mail from addresses I don't know & never sent in the 1st place.
Now of course I know the MS updates are hoaxes & I act accordingly but the
undelivered mail thingy is really annoying.
How do I find out if my computer is sending out emails without my knowing &
how can I stop it?
On that cheery note this lovely Monday morning I will leave you all
Cheers Susie


 
Reply With Quote
 
 
 
 
T.N.O.
Guest
Posts: n/a
 
      10-19-2003
"susie" wrote
> How do I find out if my computer is sending out emails without my knowing

&
> how can I stop it?


Run an up to date virus scanner, maybe a personal firewall like zonealarm
www.zonelabs.com


 
Reply With Quote
 
 
 
 
Keith
Guest
Posts: n/a
 
      10-19-2003

"susie" <(E-Mail Removed)> wrote:
>Hey all
>I suddenly seem to be emindated with really helpful MS virus patch updates
>and returned mail from addresses I don't know & never sent in the 1st place.
>Now of course I know the MS updates are hoaxes & I act accordingly but the
>undelivered mail thingy is really annoying.
>How do I find out if my computer is sending out emails without my knowing &
>how can I stop it?



You are probably not sending out emails unknowingly. The emails are
much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
Another manifestation of the Swen worm is fake returned emails. Both
types of email contain the worm. Make sure your antivirus is up to date.

http://www.trendmicro.com/vinfo/viru...me=WORM_SWEN.A

 
Reply With Quote
 
Shannon
Guest
Posts: n/a
 
      10-19-2003
On 20 Oct 2003 10:07:28 +1300, "Keith" <(E-Mail Removed)>
wrote:

>
>"susie" <(E-Mail Removed)> wrote:
>>Hey all
>>I suddenly seem to be emindated with really helpful MS virus patch updates
>>and returned mail from addresses I don't know & never sent in the 1st place.
>>Now of course I know the MS updates are hoaxes & I act accordingly but the
>>undelivered mail thingy is really annoying.
>>How do I find out if my computer is sending out emails without my knowing &
>>how can I stop it?

>
>
>You are probably not sending out emails unknowingly. The emails are
>much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
>Another manifestation of the Swen worm is fake returned emails. Both
>types of email contain the worm. Make sure your antivirus is up to date.
>
>http://www.trendmicro.com/vinfo/viru...me=WORM_SWEN.A


Well, also, a very common thing is: Person "A" is infected with swen.
Swen sends out copies of itself, to person B but with a fake from
email address that happens to be person C's email address. Person B's
mail server rejects the mail - because B doesn't exist any more or
because they notice the virus. It then bounces the mail to the sender
- or, really, the apparent sender. Which is Person C. Thus person C
gets all these bounced viruses that are really supposed to go to
Person A, bu there's no way for that to happen.

They're real bounces, but of fake email. Susie, in this picture, is
person C.

(It's like Xtra's inane stupid idea of notifying the apparent sender
that they've sent a virus - gah, incorrect return address is very much
the rule not the exception with viruses these days. Would it be that
hard to tell apart viruses where the whole email is the virus, and
merely virus infected attachments to otherwise legit email?)

 
Reply With Quote
 
Keith
Guest
Posts: n/a
 
      10-20-2003

Shannon <(E-Mail Removed)-dot.com> wrote:
>On 20 Oct 2003 10:07:28 +1300, "Keith" <(E-Mail Removed)>
>wrote:
>
>>
>>"susie" <(E-Mail Removed)> wrote:
>>>Hey all
>>>I suddenly seem to be emindated with really helpful MS virus patch updates
>>>and returned mail from addresses I don't know & never sent in the 1st place.
>>>Now of course I know the MS updates are hoaxes & I act accordingly but the
>>>undelivered mail thingy is really annoying.
>>>How do I find out if my computer is sending out emails without my knowing &
>>>how can I stop it?

>>
>>
>>You are probably not sending out emails unknowingly. The emails are
>>much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
>>Another manifestation of the Swen worm is fake returned emails. Both
>>types of email contain the worm. Make sure your antivirus is up to date.
>>
>>http://www.trendmicro.com/vinfo/viru...me=WORM_SWEN.A

>
>Well, also, a very common thing is: Person "A" is infected with swen.
>Swen sends out copies of itself, to person B but with a fake from
>email address that happens to be person C's email address. Person B's
>mail server rejects the mail - because B doesn't exist any more or
>because they notice the virus. It then bounces the mail to the sender
>- or, really, the apparent sender. Which is Person C. Thus person C
>gets all these bounced viruses that are really supposed to go to
>Person A, bu there's no way for that to happen.
>
>They're real bounces, but of fake email. Susie, in this picture, is
>person C.


According to F-Secure's write up on Swen. The faked "From:" is hardwired
into the worm:
http://f-secure.com/v-descs/swen.shtml

"The fake sender's address is selected from the following parts:


MS
Microsoft
Corporation
Program
Internet
Network
Security
Division
Section
Department
Center
Technical
Public
Customer
Bulletin
Services
Assistance
Support

The domain name for these e-mails is selected from the following parts:


news
bulletin
confidence
advisor
updates
technet
support
newsletters

The domain suffix for these e-mails is selected from the following parts:


ms
msn
msdn
microsoft

followed by one of the following:


.com
.net"


 
Reply With Quote
 
Kookaburra
Guest
Posts: n/a
 
      10-20-2003
On Mon, 20 Oct 2003 08:32:58 +1300, "susie" wrote:

>Hey all
>I suddenly seem to be emindated with really helpful MS virus patch updates
>and returned mail from addresses I don't know & never sent in the 1st place.
>Now of course I know the MS updates are hoaxes & I act accordingly but the
>undelivered mail thingy is really annoying.
>How do I find out if my computer is sending out emails without my knowing &
>how can I stop it?
>On that cheery note this lovely Monday morning I will leave you all
>Cheers Susie
>

Nothing worse than posting on USENET with a real email address. They
are harvested continuously by Spambots. I inadvertently used a valid
email address here once about a week before the Swen virus took off
and I was averaging 20+ of them a day for a while. Now I'm getting a
smaller variant arriving in that same box the last few days.






Cheers, Kooky
 
Reply With Quote
 
T.N.O.
Guest
Posts: n/a
 
      10-20-2003
"Kookaburra" wrote
> Nothing worse than posting on USENET with a real email address. They
> are harvested continuously by Spambots. I inadvertently used a valid
> email address here once about a week before the Swen virus took off
> and I was averaging 20+ of them a day for a while. Now I'm getting a
> smaller variant arriving in that same box the last few days.


odd, I have always used a real email addy on usenet, and have only received
a handfull of those emails... I guess my ISP does a good job at filtering
them out.


 
Reply With Quote
 
Kookaburra
Guest
Posts: n/a
 
      10-20-2003
On Mon, 20 Oct 2003 15:34:58 +1300, "T.N.O." <(E-Mail Removed)> wrote:

>
>odd, I have always used a real email addy on usenet, and have only received
>a handfull of those emails... I guess my ISP does a good job at filtering
>them out.
>

The Paradise filters have certainly cut down on the amount of Spam I
used to get. The MS patches are coming into my "myrealbox.com addy".
It's my own fault I answered a message privately using Agent and
forgot to change my addy again before replying to posts.


Cheers, Kooky
 
Reply With Quote
 
Chris Wilkinson
Guest
Posts: n/a
 
      10-20-2003
Hi there,

susie wrote:
> Hey all
> I suddenly seem to be emindated with really helpful MS virus patch updates
> and returned mail from addresses I don't know & never sent in the 1st place.
> Now of course I know the MS updates are hoaxes & I act accordingly but the
> undelivered mail thingy is really annoying.
> How do I find out if my computer is sending out emails without my knowing &
> how can I stop it?
> On that cheery note this lovely Monday morning I will leave you all
> Cheers Susie


The undelivered mail thingy is Swen virus posting to random email
addresses using your address as a return one incase the message
bounces.

In that way Swen can grab your email address from usenet, or from
another PC, and use it as a forged return address, so any copies
of itself that don't hit a random address will bounce back to you.
On the plus side you may not have been infected by it...

Its impossible for me to be infected by Swen (I'm running Linux)
but my email address was certainly picked up by a copy of it out
there somewhere (probably from usenet), and then forged into the
copies of itself that were posted...I get 100 a day, and its been
like that for weeks...

One thing is certain...they're a PITA, and I'm highly sick of
dealing with them.

Kind regards,

Chris Wilkinson, Christchurch.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
had installed Ilfak Guilfanov's patch v. MS patch none Computer Security 5 01-09-2006 08:53 AM
Swen influx T.N.O. NZ Computing 4 12-22-2003 11:46 PM
In addition to MS Blaster Worm patch, 3 week old patch reissued. why? Computer Support 6 08-14-2003 07:42 PM



Advertisments