off topic, swen virus

Discussion in 'DVD Video' started by digitalgliff, Sep 26, 2003.

  1. digitalgliff

    digitalgliff Guest

    The virus that mails itself as a microsoft patch. Im getting like 50 a day.
    I read that people who post on Usenet get these mailers allot.
     
    digitalgliff, Sep 26, 2003
    #1
    1. Advertising

  2. digitalgliff

    TSKO Guest

    I have been getting hit....like many other ppl.....well...until I read the
    following post in another newsgroup.......read it and give it a try...in 24
    hrs I have not recieved any of the virus emails..

    Greetings,

    since Swen.A first appeared in the wild around September 18th 2003,
    many people have asked how to filter the emails Swen wildly sends to
    just about everyone who ever posted in any newsgroup. It's a bit
    tricky, at first glance it seems impossible, but it can be done.

    Here's how.

    Swen emails unfortunately differ in From-, To- and Subject-field, but
    you will always find your own valid email-address in the
    Envelope-to-field of the email's header. OE unfortunately is unable to
    filter emails by the Envelope-to-content, but this doesn't matter. If
    you read the above carefully you see that:

    Every email that arrives in your inbox and does NOT have your valid
    email address in the To- or CC-field is almost guaranteed to be a
    Swen-mail (exceptions see below).

    To filter them out, do the following (tested with OE 6, earlier
    versions may need a slightly different process):



    *** BEGIN ***



    (Thanks to Phil who helped me with using the correct English names as I
    use the German version of OE - the following is a quote from his email)

    Open the email rules: Tools\Message Rules\Mail

    Create a new rule.

    In the first window (Select the conditions for your rule) select the
    following:
    -Where the To line contains people
    -Where the CC line contains people

    In the second window (Select the Actions for your rule) select the
    following:
    -Delete it from server

    In the third window (Rule Description...)
    -Click on "contains people" and enter your email address, then click on
    "Add"
    -Your email has now been added, select the email address and click on
    "Options"
    -Select the second radio button "Message does not contain the people
    below"
    then "OK" to close.

    (end quote from Phil)



    *** END ***



    Presto - you're done! OE will still have to download the _header_ data,
    but not the message body with its 150K worm executable. Ergo you have
    much less problems.

    NOTE THE FOLLOWING:

    Mailing lists - at least all lists I know - use a very similar
    procedure to send their contents to you, inserting your valid address
    in the Envelope-to-field and the basic email address of the list in the
    To-field, along with usually adding a list-typical string to the
    subject. Obviously this will create false positives with the
    above-mentioned email rule that would delete the list messages along
    with Swen.
    Therefore, if you participate in mailing lists, I suggest you do the
    following:



    *** BEGIN ***



    If you haven't done so until now, create an extra folder for each of
    your lists.

    Create one email rule for each of your lists with the following:

    Subject contains the list-typical string, To-field contains the basic
    list email address
    Actions to take: Move to the folder created for that list, do not
    process any more rules for that mail.

    Move all these rules to somewhere ABOVE the rule that deletes
    Swen-mails from the server.

    (For the details on doing all this, see the description of the
    Swen-filtering rule above)



    *** END ***



    That way, your mailing list messages will be moved to their own folders
    while the pesky Swen mails will die while still on your provider's
    server.

    Hope to have helped...

    Tocis (commoner AT carcosa DOT de)
    To reply, include HI-AK 523 in the subject or else your mail will be
    deleted!
    "digitalgliff" <> wrote in message
    news:4n0db.15266$...
    > The virus that mails itself as a microsoft patch. Im getting like 50 a

    day.
    > I read that people who post on Usenet get these mailers allot.
    >
    >
     
    TSKO, Sep 26, 2003
    #2
    1. Advertising

  3. digitalgliff

    Impmon Guest

    On Fri, 26 Sep 2003 19:23:44 GMT, "digitalgliff"
    <> typed:

    >The virus that mails itself as a microsoft patch. Im getting like 50 a day.
    >I read that people who post on Usenet get these mailers allot.


    Only 50? I'm envious. I've had to add filter in my email program to
    delete anything with attachment, I've been getting about 500 a day since
    Thursday last week. :p
    ----
    space for rent.
     
    Impmon, Sep 27, 2003
    #3
  4. "digitalgliff" <> wrote in message
    news:4n0db.15266$...
    > The virus that mails itself as a microsoft patch. Im getting like 50 a

    day.
    > I read that people who post on Usenet get these mailers allot.
    >
    >


    Yes I just added mailwasher to my progs as I was getting between 60-70 a
    day. All of a sudden they stopped. Got to be usenet as my addy is
    undisclosed. Anyway after using for over a week i will keep the program I
    recommend mailwasher as it enabvles you to screen your mail from the server
    before you dl it to your machine.
     
    news.bellatlantic.net, Sep 27, 2003
    #4
  5. On Fri, 26 Sep 2003 23:46:33 GMT, Impmon <> wrote:

    >On Fri, 26 Sep 2003 19:23:44 GMT, "digitalgliff"
    ><> typed:
    >
    >>The virus that mails itself as a microsoft patch. Im getting like 50 a day.
    >>I read that people who post on Usenet get these mailers allot.

    >
    >Only 50? I'm envious. I've had to add filter in my email program to
    >delete anything with attachment, I've been getting about 500 a day since
    >Thursday last week. :p


    Er, you might want to both remove your correct email address from the
    usenet client headers, since the worm mines Usenet posts for
    addresses. I was getting over 800 Swen emails a day until I removed
    my address, then over a period of a couple of days afterwards it
    tapered off to virtually nothing as the corporate servers infected
    with the virus were cleaned up, and I'm now getting no new infected
    emails.

    . Steve ..
    >----
    >space for rent.
     
    Steve(JazzHunter), Sep 27, 2003
    #5
  6. digitalgliff

    Impmon Guest

    On Sat, 27 Sep 2003 08:06:33 -0400, "Steve(JazzHunter)"
    <> typed:

    >Er, you might want to both remove your correct email address from the
    >usenet client headers, since the worm mines Usenet posts for
    >addresses.


    I'll give that a try.
    --
    space for rent.
    To reply, change digi.mon to tds.net
     
    Impmon, Sep 27, 2003
    #6
  7. digitalgliff

    Richard C. Guest

    "Impmon" <> wrote in message
    news:...
    : On Fri, 26 Sep 2003 19:23:44 GMT, "digitalgliff"
    : <> typed:
    :
    : >The virus that mails itself as a microsoft patch. Im getting like 50 a day.
    : >I read that people who post on Usenet get these mailers allot.
    :
    : Only 50? I'm envious. I've had to add filter in my email program to
    : delete anything with attachment, I've been getting about 500 a day since
    : Thursday last week. :p
    : ----
    : space for rent.

    ===============
    How do you guys rate this attention?

    I have not received a single one.....................
     
    Richard C., Sep 27, 2003
    #7
  8. "digitalgliff" <>
    wrote in message
    news:4n0db.15266$...
    > The virus that mails itself as a microsoft patch. Im getting like 50 a

    day.
    > I read that people who post on Usenet get these mailers allot.


    I was getting around 200 to 300 copies per day, but lately it has been
    tapering off. As a safeguard, I have been screening e-mail from SBC
    Global's web-based system, which puts the bulk of those Sven-mails into the
    "Bulk" mail folder. I just hit "delete" and clean them out. I've probably
    deleted over 100MB of those things in the last week.

    The mass mailing of millions of copies of these worms has really affected
    Internet bandwidth performance. Thanks to all the people who don't think
    before they click, things are running slow in a lot of places. I had to
    argue in stopping one of my coworkers from installing that "Microsoft
    Patch." They thought it was the real thing since it looked so official.
    Most people don't realize software companies do not e-mail security patches
    to you. You have to go get the patches from them. Lots of people pride
    themselves on being street smart. Not enough are tranferring street smarts
    to the computer.

    Bobby Henderson
     
    Bobby Henderson, Sep 27, 2003
    #8
  9. digitalgliff

    Hugh Candlin Guest

    Bobby Henderson <> wrote in message news:kfodb.2153$...
    > "digitalgliff" <>
    > wrote in message
    > news:4n0db.15266$...
    > > The virus that mails itself as a microsoft patch. Im getting like 50 a

    > day.
    > > I read that people who post on Usenet get these mailers allot.

    >
    > I was getting around 200 to 300 copies per day, but lately it has been
    > tapering off. As a safeguard, I have been screening e-mail from SBC
    > Global's web-based system, which puts the bulk of those Sven-mails into the
    > "Bulk" mail folder. I just hit "delete" and clean them out. I've probably
    > deleted over 100MB of those things in the last week.
    >
    > The mass mailing of millions of copies of these worms has really affected
    > Internet bandwidth performance. Thanks to all the people who don't think
    > before they click, things are running slow in a lot of places. I had to
    > argue in stopping one of my coworkers from installing that "Microsoft
    > Patch."


    Next time, just show them this

    How to Tell If a Microsoft Security-Related Message Is Genuine
    http://www.microsoft.com/security/antivirus/authenticate_mail.asp
     
    Hugh Candlin, Sep 27, 2003
    #9
  10. "Bobby Henderson" <> wrote in message
    news:kfodb.2153$...
    > "digitalgliff" <>
    > wrote in message


    > argue in stopping one of my coworkers from installing that "Microsoft
    > Patch." They thought it was the real thing since it looked so official.


    Why don't you show them how easy it is to view source, copy and paste in an
    HTML email. Anyone can send an "official looking" email for god's sake.

    Steve
     
    Steve Knoblock, Sep 28, 2003
    #10
  11. digitalgliff

    - Guest

    While we're off the subject. There are several copies of that "patch" email
    posted in these newsgroups. Isn't ANYONE responsible for removing them?
    Sorry if it's a stupid question, I'm not quite sure how newsgroups work.
    Neal,
    Ireland.

    "digitalgliff" <> wrote in message
    news:4n0db.15266$...
    > The virus that mails itself as a microsoft patch. Im getting like 50 a

    day.
    > I read that people who post on Usenet get these mailers allot.
    >
    >
     
    -, Oct 4, 2003
    #11
  12. - wrote:
    > While we're off the subject. There are several copies of that "patch" email
    > posted in these newsgroups. Isn't ANYONE responsible for removing them?
    > Sorry if it's a stupid question, I'm not quite sure how newsgroups work.


    Netnews is a distributed system. Messages are distributed in a peer to
    peer fashion among 10 of thousands of servers internationally. There is
    no central control so there is no central responsibility. Other than
    moderated newsgroups it is chaos. The only control is the self control
    of the posters.

    Matthew

    --
    <http://www.mlmartin.com/bbq/>

    Thermodynamics For Dummies: You can't win.
    You can't break even.
    You can't get out of the game.
     
    Matthew L. Martin, Oct 4, 2003
    #12
  13. digitalgliff

    Jay G Guest

    "Matthew L. Martin" <> wrote ...
    > - wrote:
    > > While we're off the subject. There are several copies of that "patch"

    email
    > > posted in these newsgroups. Isn't ANYONE responsible for removing them?
    > > Sorry if it's a stupid question, I'm not quite sure how newsgroups work.

    >
    > Netnews is a distributed system. Messages are distributed in a peer to
    > peer fashion among 10 of thousands of servers internationally. There is
    > no central control so there is no central responsibility. Other than
    > moderated newsgroups it is chaos. The only control is the self control
    > of the posters.


    Well, the individual newsservers can filter out obvious SPAM and
    viruses as well. For example, I have not seen one Swen virus on
    any of the newsgroups on my newsserver.

    -Jay
     
    Jay G, Oct 4, 2003
    #13
  14. Jay G wrote:
    > "Matthew L. Martin" <> wrote ...
    >
    >>- wrote:
    >>
    >>>While we're off the subject. There are several copies of that "patch"

    >
    > email
    >
    >>>posted in these newsgroups. Isn't ANYONE responsible for removing them?
    >>>Sorry if it's a stupid question, I'm not quite sure how newsgroups work.

    >>
    >>Netnews is a distributed system. Messages are distributed in a peer to
    >>peer fashion among 10 of thousands of servers internationally. There is
    >>no central control so there is no central responsibility. Other than
    >>moderated newsgroups it is chaos. The only control is the self control
    >>of the posters.

    >
    >
    > Well, the individual newsservers can filter out obvious SPAM and
    > viruses as well. For example, I have not seen one Swen virus on
    > any of the newsgroups on my newsserver.
    >


    Some servers are better than others. The point is that no one is
    "responsible" for removing anything. Even cancel messages can be ignored.

    Matthew

    --
    <http://www.mlmartin.com/bbq/>

    Thermodynamics For Dummies: You can't win.
    You can't break even.
    You can't get out of the game.
     
    Matthew L. Martin, Oct 4, 2003
    #14
  15. digitalgliff

    jayembee Guest

    "Richard C." <> wrote:

    > How do you guys rate this attention?
    >
    > I have not received a single one.....................


    I'll send you mine, if you're really feeling deprived.

    -- jayembee
     
    jayembee, Oct 4, 2003
    #15
  16. digitalgliff

    Richard C. Guest

    "jayembee" <> wrote in message
    news:...
    : "Richard C." <> wrote:
    :
    : > How do you guys rate this attention?
    : >
    : > I have not received a single one.....................
    :
    : I'll send you mine, if you're really feeling deprived.
    :
    : -- jayembee

    =============================
    Thanks................but no thanks...................
     
    Richard C., Oct 4, 2003
    #16
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thore Schmechtig
    Replies:
    17
    Views:
    797
    Gregg Dotoli
    Sep 27, 2003
  2. Thore Schmechtig

    [SWEN tiny FAQ] How to filter Swen mails with M$OE 6

    Thore Schmechtig, Sep 25, 2003, in forum: Computer Security
    Replies:
    19
    Views:
    584
    kd7sk
    Sep 27, 2003
  3. Coach 02
    Replies:
    1
    Views:
    590
    Whiskers
    Mar 12, 2007
  4. Sue Bilstein

    Swen virus tapering off?

    Sue Bilstein, Nov 14, 2003, in forum: NZ Computing
    Replies:
    4
    Views:
    344
    T.N.O.
    Nov 21, 2003
  5. T.N.O. - Dave.net.nz

    swen dying off

    T.N.O. - Dave.net.nz, Mar 3, 2004, in forum: NZ Computing
    Replies:
    11
    Views:
    479
    T.N.O. - Dave.net.nz
    Mar 4, 2004
Loading...

Share This Page