influx of ms virus patch updates

Discussion in 'NZ Computing' started by susie, Oct 19, 2003.

  1. susie

    susie Guest

    Hey all
    I suddenly seem to be emindated with really helpful MS virus patch updates
    and returned mail from addresses I don't know & never sent in the 1st place.
    Now of course I know the MS updates are hoaxes & I act accordingly but the
    undelivered mail thingy is really annoying.
    How do I find out if my computer is sending out emails without my knowing &
    how can I stop it?
    On that cheery note this lovely Monday morning I will leave you all
    Cheers Susie
     
    susie, Oct 19, 2003
    #1
    1. Advertising

  2. susie

    T.N.O. Guest

    "susie" wrote
    > How do I find out if my computer is sending out emails without my knowing

    &
    > how can I stop it?


    Run an up to date virus scanner, maybe a personal firewall like zonealarm
    www.zonelabs.com
     
    T.N.O., Oct 19, 2003
    #2
    1. Advertising

  3. susie

    Keith Guest

    "susie" <> wrote:
    >Hey all
    >I suddenly seem to be emindated with really helpful MS virus patch updates
    >and returned mail from addresses I don't know & never sent in the 1st place.
    >Now of course I know the MS updates are hoaxes & I act accordingly but the
    >undelivered mail thingy is really annoying.
    >How do I find out if my computer is sending out emails without my knowing &
    >how can I stop it?



    You are probably not sending out emails unknowingly. The emails are
    much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
    Another manifestation of the Swen worm is fake returned emails. Both
    types of email contain the worm. Make sure your antivirus is up to date.

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A
     
    Keith, Oct 19, 2003
    #3
  4. susie

    Shannon Guest

    On 20 Oct 2003 10:07:28 +1300, "Keith" <>
    wrote:

    >
    >"susie" <> wrote:
    >>Hey all
    >>I suddenly seem to be emindated with really helpful MS virus patch updates
    >>and returned mail from addresses I don't know & never sent in the 1st place.
    >>Now of course I know the MS updates are hoaxes & I act accordingly but the
    >>undelivered mail thingy is really annoying.
    >>How do I find out if my computer is sending out emails without my knowing &
    >>how can I stop it?

    >
    >
    >You are probably not sending out emails unknowingly. The emails are
    >much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
    >Another manifestation of the Swen worm is fake returned emails. Both
    >types of email contain the worm. Make sure your antivirus is up to date.
    >
    >http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A


    Well, also, a very common thing is: Person "A" is infected with swen.
    Swen sends out copies of itself, to person B but with a fake from
    email address that happens to be person C's email address. Person B's
    mail server rejects the mail - because B doesn't exist any more or
    because they notice the virus. It then bounces the mail to the sender
    - or, really, the apparent sender. Which is Person C. Thus person C
    gets all these bounced viruses that are really supposed to go to
    Person A, bu there's no way for that to happen.

    They're real bounces, but of fake email. Susie, in this picture, is
    person C.

    (It's like Xtra's inane stupid idea of notifying the apparent sender
    that they've sent a virus - gah, incorrect return address is very much
    the rule not the exception with viruses these days. Would it be that
    hard to tell apart viruses where the whole email is the virus, and
    merely virus infected attachments to otherwise legit email?)
     
    Shannon, Oct 19, 2003
    #4
  5. susie

    Keith Guest

    Shannon <-dot.com> wrote:
    >On 20 Oct 2003 10:07:28 +1300, "Keith" <>
    >wrote:
    >
    >>
    >>"susie" <> wrote:
    >>>Hey all
    >>>I suddenly seem to be emindated with really helpful MS virus patch updates
    >>>and returned mail from addresses I don't know & never sent in the 1st place.
    >>>Now of course I know the MS updates are hoaxes & I act accordingly but the
    >>>undelivered mail thingy is really annoying.
    >>>How do I find out if my computer is sending out emails without my knowing &
    >>>how can I stop it?

    >>
    >>
    >>You are probably not sending out emails unknowingly. The emails are
    >>much more than "hoaxs", they are mostly likely the "Swen" virus (worm).
    >>Another manifestation of the Swen worm is fake returned emails. Both
    >>types of email contain the worm. Make sure your antivirus is up to date.
    >>
    >>http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A

    >
    >Well, also, a very common thing is: Person "A" is infected with swen.
    >Swen sends out copies of itself, to person B but with a fake from
    >email address that happens to be person C's email address. Person B's
    >mail server rejects the mail - because B doesn't exist any more or
    >because they notice the virus. It then bounces the mail to the sender
    >- or, really, the apparent sender. Which is Person C. Thus person C
    >gets all these bounced viruses that are really supposed to go to
    >Person A, bu there's no way for that to happen.
    >
    >They're real bounces, but of fake email. Susie, in this picture, is
    >person C.


    According to F-Secure's write up on Swen. The faked "From:" is hardwired
    into the worm:
    http://f-secure.com/v-descs/swen.shtml

    "The fake sender's address is selected from the following parts:


    MS
    Microsoft
    Corporation
    Program
    Internet
    Network
    Security
    Division
    Section
    Department
    Center
    Technical
    Public
    Customer
    Bulletin
    Services
    Assistance
    Support

    The domain name for these e-mails is selected from the following parts:


    news
    bulletin
    confidence
    advisor
    updates
    technet
    support
    newsletters

    The domain suffix for these e-mails is selected from the following parts:


    ms
    msn
    msdn
    microsoft

    followed by one of the following:


    .com
    .net"
     
    Keith, Oct 20, 2003
    #5
  6. susie

    Kookaburra Guest

    On Mon, 20 Oct 2003 08:32:58 +1300, "susie" wrote:

    >Hey all
    >I suddenly seem to be emindated with really helpful MS virus patch updates
    >and returned mail from addresses I don't know & never sent in the 1st place.
    >Now of course I know the MS updates are hoaxes & I act accordingly but the
    >undelivered mail thingy is really annoying.
    >How do I find out if my computer is sending out emails without my knowing &
    >how can I stop it?
    >On that cheery note this lovely Monday morning I will leave you all
    >Cheers Susie
    >

    Nothing worse than posting on USENET with a real email address. They
    are harvested continuously by Spambots. I inadvertently used a valid
    email address here once about a week before the Swen virus took off
    and I was averaging 20+ of them a day for a while. Now I'm getting a
    smaller variant arriving in that same box the last few days.






    Cheers, Kooky
     
    Kookaburra, Oct 20, 2003
    #6
  7. susie

    T.N.O. Guest

    "Kookaburra" wrote
    > Nothing worse than posting on USENET with a real email address. They
    > are harvested continuously by Spambots. I inadvertently used a valid
    > email address here once about a week before the Swen virus took off
    > and I was averaging 20+ of them a day for a while. Now I'm getting a
    > smaller variant arriving in that same box the last few days.


    odd, I have always used a real email addy on usenet, and have only received
    a handfull of those emails... I guess my ISP does a good job at filtering
    them out.
     
    T.N.O., Oct 20, 2003
    #7
  8. susie

    Kookaburra Guest

    On Mon, 20 Oct 2003 15:34:58 +1300, "T.N.O." <> wrote:

    >
    >odd, I have always used a real email addy on usenet, and have only received
    >a handfull of those emails... I guess my ISP does a good job at filtering
    >them out.
    >

    The Paradise filters have certainly cut down on the amount of Spam I
    used to get. The MS patches are coming into my "myrealbox.com addy".
    It's my own fault I answered a message privately using Agent and
    forgot to change my addy again before replying to posts.


    Cheers, Kooky
     
    Kookaburra, Oct 20, 2003
    #8
  9. Hi there,

    susie wrote:
    > Hey all
    > I suddenly seem to be emindated with really helpful MS virus patch updates
    > and returned mail from addresses I don't know & never sent in the 1st place.
    > Now of course I know the MS updates are hoaxes & I act accordingly but the
    > undelivered mail thingy is really annoying.
    > How do I find out if my computer is sending out emails without my knowing &
    > how can I stop it?
    > On that cheery note this lovely Monday morning I will leave you all
    > Cheers Susie


    The undelivered mail thingy is Swen virus posting to random email
    addresses using your address as a return one incase the message
    bounces.

    In that way Swen can grab your email address from usenet, or from
    another PC, and use it as a forged return address, so any copies
    of itself that don't hit a random address will bounce back to you.
    On the plus side you may not have been infected by it...

    Its impossible for me to be infected by Swen (I'm running Linux)
    but my email address was certainly picked up by a copy of it out
    there somewhere (probably from usenet), and then forged into the
    copies of itself that were posted...I get 100 a day, and its been
    like that for weeks... :-(

    One thing is certain...they're a PITA, and I'm highly sick of
    dealing with them.

    Kind regards,

    Chris Wilkinson, Christchurch.
     
    Chris Wilkinson, Oct 20, 2003
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. why?
    Replies:
    6
    Views:
    798
  2. Gunjani

    Is this a virus or a patch?

    Gunjani, Aug 26, 2003, in forum: Computer Support
    Replies:
    9
    Views:
    658
    BasketCase
    Aug 27, 2003
  3. Alan

    MS Patch Virus

    Alan, Sep 21, 2003, in forum: Computer Support
    Replies:
    10
    Views:
    739
    Barry OGrady
    Sep 22, 2003
  4. none
    Replies:
    5
    Views:
    577
    Jim Watt
    Jan 9, 2006
  5. T.N.O.

    Swen influx

    T.N.O., Dec 20, 2003, in forum: NZ Computing
    Replies:
    4
    Views:
    425
    T.N.O.
    Dec 22, 2003
Loading...

Share This Page