«

Hey all
I suddenly seem to be emindated with really helpful MS virus patch updates
and returned mail from addresses I don't know & never sent in the 1st place.
Now of course I know the MS updates are hoaxes & I act accordingly but the
undelivered mail thingy is really annoying.
How do I find out if my computer is sending out emails without my knowing &
how can I stop it?
On that cheery note this lovely Monday morning I will leave you all
Cheers Susie

"susie" wrote
> How do I find out if my computer is sending out emails without my knowing
&
> how can I stop it?

Run an up to date virus scanner, maybe a personal firewall like zonealarm
www.zonelabs.com

"susie" <> wrote:
>Hey all
>I suddenly seem to be emindated with really helpful MS virus patch updates
>and returned mail from addresses I don't know & never sent in the 1st place.
>Now of course I know the MS updates are hoaxes & I act accordingly but the
>undelivered mail thingy is really annoying.
>How do I find out if my computer is sending out emails without my knowing &
>how can I stop it?


You are probably not sending out emails unknowingly. The emails are
much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
Another manifestation of the Swen worm is fake returned emails. Both
types of email contain the worm. Make sure your antivirus is up to date.

http://www.trendmicro.com/vinfo/viru...me=WORM_SWEN.A

On 20 Oct 2003 10:07:28 +1300, "Keith" <>
wrote:

>
>"susie" <> wrote:
>>Hey all
>>I suddenly seem to be emindated with really helpful MS virus patch updates
>>and returned mail from addresses I don't know & never sent in the 1st place.
>>Now of course I know the MS updates are hoaxes & I act accordingly but the
>>undelivered mail thingy is really annoying.
>>How do I find out if my computer is sending out emails without my knowing &
>>how can I stop it?
>
>
>You are probably not sending out emails unknowingly. The emails are
>much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
>Another manifestation of the Swen worm is fake returned emails. Both
>types of email contain the worm. Make sure your antivirus is up to date.
>
>http://www.trendmicro.com/vinfo/viru...me=WORM_SWEN.A

Well, also, a very common thing is: Person "A" is infected with swen.
Swen sends out copies of itself, to person B but with a fake from
email address that happens to be person C's email address. Person B's
mail server rejects the mail - because B doesn't exist any more or
because they notice the virus. It then bounces the mail to the sender
- or, really, the apparent sender. Which is Person C. Thus person C
gets all these bounced viruses that are really supposed to go to
Person A, bu there's no way for that to happen.

They're real bounces, but of fake email. Susie, in this picture, is
person C.

(It's like Xtra's inane stupid idea of notifying the apparent sender
that they've sent a virus - gah, incorrect return address is very much
the rule not the exception with viruses these days. Would it be that
hard to tell apart viruses where the whole email is the virus, and
merely virus infected attachments to otherwise legit email?)

Shannon <> wrote:
>On 20 Oct 2003 10:07:28 +1300, "Keith" <>
>wrote:
>
>>
>>"susie" <> wrote:
>>>Hey all
>>>I suddenly seem to be emindated with really helpful MS virus patch updates
>>>and returned mail from addresses I don't know & never sent in the 1st place.
>>>Now of course I know the MS updates are hoaxes & I act accordingly but the
>>>undelivered mail thingy is really annoying.
>>>How do I find out if my computer is sending out emails without my knowing &
>>>how can I stop it?
>>
>>
>>You are probably not sending out emails unknowingly. The emails are
>>much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
>>Another manifestation of the Swen worm is fake returned emails. Both
>>types of email contain the worm. Make sure your antivirus is up to date.
>>
>>http://www.trendmicro.com/vinfo/viru...me=WORM_SWEN.A
>
>Well, also, a very common thing is: Person "A" is infected with swen.
>Swen sends out copies of itself, to person B but with a fake from
>email address that happens to be person C's email address. Person B's
>mail server rejects the mail - because B doesn't exist any more or
>because they notice the virus. It then bounces the mail to the sender
>- or, really, the apparent sender. Which is Person C. Thus person C
>gets all these bounced viruses that are really supposed to go to
>Person A, bu there's no way for that to happen.
>
>They're real bounces, but of fake email. Susie, in this picture, is
>person C.

According to F-Secure's write up on Swen. The faked "From:" is hardwired
into the worm:
http://f-secure.com/v-descs/swen.shtml

"The fake sender's address is selected from the following parts:


MS
Microsoft
Corporation
Program
Internet
Network
Security
Division
Section
Department
Center
Technical
Public
Customer
Bulletin
Services
Assistance
Support

The domain name for these e-mails is selected from the following parts:


news
bulletin
confidence
advisor
updates
technet
support
newsletters

The domain suffix for these e-mails is selected from the following parts:


ms
msn
msdn
microsoft

followed by one of the following:


.com
.net"

On Mon, 20 Oct 2003 08:32:58 +1300, "susie" wrote:

>Hey all
>I suddenly seem to be emindated with really helpful MS virus patch updates
>and returned mail from addresses I don't know & never sent in the 1st place.
>Now of course I know the MS updates are hoaxes & I act accordingly but the
>undelivered mail thingy is really annoying.
>How do I find out if my computer is sending out emails without my knowing &
>how can I stop it?
>On that cheery note this lovely Monday morning I will leave you all
>Cheers Susie
>
Nothing worse than posting on USENET with a real email address. They
are harvested continuously by Spambots. I inadvertently used a valid
email address here once about a week before the Swen virus took off
and I was averaging 20+ of them a day for a while. Now I'm getting a
smaller variant arriving in that same box the last few days.






Cheers, Kooky

"Kookaburra" wrote
> Nothing worse than posting on USENET with a real email address. They
> are harvested continuously by Spambots. I inadvertently used a valid
> email address here once about a week before the Swen virus took off
> and I was averaging 20+ of them a day for a while. Now I'm getting a
> smaller variant arriving in that same box the last few days.

odd, I have always used a real email addy on usenet, and have only received
a handfull of those emails... I guess my ISP does a good job at filtering
them out.

On Mon, 20 Oct 2003 15:34:58 +1300, "T.N.O." <> wrote:

>
>odd, I have always used a real email addy on usenet, and have only received
>a handfull of those emails... I guess my ISP does a good job at filtering
>them out.
>
The Paradise filters have certainly cut down on the amount of Spam I
used to get. The MS patches are coming into my "myrealbox.com addy".
It's my own fault I answered a message privately using Agent and
forgot to change my addy again before replying to posts.


Cheers, Kooky

Hi there,

susie wrote:
> Hey all
> I suddenly seem to be emindated with really helpful MS virus patch updates
> and returned mail from addresses I don't know & never sent in the 1st place.
> Now of course I know the MS updates are hoaxes & I act accordingly but the
> undelivered mail thingy is really annoying.
> How do I find out if my computer is sending out emails without my knowing &
> how can I stop it?
> On that cheery note this lovely Monday morning I will leave you all
> Cheers Susie

The undelivered mail thingy is Swen virus posting to random email
addresses using your address as a return one incase the message
bounces.

In that way Swen can grab your email address from usenet, or from
another PC, and use it as a forged return address, so any copies
of itself that don't hit a random address will bounce back to you.
On the plus side you may not have been infected by it...

Its impossible for me to be infected by Swen (I'm running Linux)
but my email address was certainly picked up by a copy of it out
there somewhere (probably from usenet), and then forged into the
copies of itself that were posted...I get 100 a day, and its been
like that for weeks...

One thing is certain...they're a PITA, and I'm highly sick of
dealing with them.

Kind regards,

Chris Wilkinson, Christchurch.