Unsolicited E Mail purportedly from MSN

Discussion in 'Computer Support' started by Frank Aston., Sep 19, 2003.

  1. Frank Aston.

    Frank Aston. Guest

    In the last day or so I've been getting an usual number of e mails, via
    Outlook Express, relating to critical upgrades, message non delivery, error
    letters and similar issues.
    I'm a bit worried about opening them. Anyone else noticed this lately?
    Kind regards,

    Frank.
    Frank Aston., Sep 19, 2003
    #1
    1. Advertising

  2. Frank Aston.

    Boomer Guest

    Frank Aston. said:

    > In the last day or so I've been getting an usual number of e
    > mails, via Outlook Express, relating to critical upgrades,
    > message non delivery, error letters and similar issues.
    > I'm a bit worried about opening them. Anyone else noticed this
    > lately? Kind regards,
    >
    > Frank.


    Only poted a few times in this group.

    W32.Swen.A@mm or W32/Gibe-F, or Worm Swen.A

    "W32.Swen.A@mm is a mass-mailing worm that attempts to spread through
    file-sharing networks, such as KaZaA and IRC, and attempts to kill
    antivirus and personal firewall programs running on a computer.

    The worm arrives as an email attachment. The subject, body, and From:
    address of the email may vary. Some examples claim to be patches for
    Microsoft Internet Explorer, or delivery failure notices from qmail."

    "The worm can also impersonate mail delivery failure notices..."

    "The worm spreads through email, KaZaA, IRC, Network Shares, and
    newsgroups."

    Further information at:
    http://www.symantec.com/avcenter/venc/data/
    AVG
    http://www.grisoft.com/us/us_vir_tt.php#1

    And at this newsgroup: alt.comp.anti-virus

    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
    Windows NT, Windows Server 2003, Windows XP

    Systems Not Affected: DOS, Linux, Macintosh, Microsoft IIS, OS/2,
    UNIX, Windows 3.x
    Boomer, Sep 19, 2003
    #2
    1. Advertising

  3. Frank Aston.

    why? Guest

    X-No-Archive: Yes
    On Fri, 19 Sep 2003 12:40:59 +0100, Frank Aston. wrote:

    >In the last day or so I've been getting an usual number of e mails, via
    >Outlook Express, relating to critical upgrades, message non delivery, error
    >letters and similar issues.


    Yet again posting the same / some of previous links

    http://www.microsoft.com/security/


    http://www.microsoft.com/security/incident/blast.asp
    Hoax circulating: Microsoft never distributes software through e-mail.
    If you receive an e-mail message that appears to be from Microsoft and
    that contains an attachment, delete the message immediately. Do not open
    the attachment. To learn more, click here.

    <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/policy/swdist.asp>

    http://www.sophos.com/
    www.mcafee.com

    http://www.symantec.com/ says -
    W32.Swen.A@mm is a mass-mailing worm that also attempts to spread
    through file-sharing networks, such as KaZaA and IRC, and will attempt
    to de-activate antivirus and personal firewall programs running on the
    computer.
    STEP 1: Read Critical Information


    > I'm a bit worried about opening them. Anyone else noticed this lately?


    Only a few 10,000 maybe even a somewhere in the 100,000 but not
    everyone.... it appears, Oh I forgot a link.

    Drat, I thought I would have to goto the help pages but no, it's on the
    home page, http://www.blueyonder.co.uk/


    Me
    why?, Sep 19, 2003
    #3
  4. Frank Aston.

    gangle Guest

    "Boomer" <> wrote in message news:Xns93FB3A79F722F24680@209.98.50.131...
    > Frank Aston. said:
    >
    > > In the last day or so I've been getting an usual number of e
    > > mails, via Outlook Express, relating to critical upgrades,
    > > message non delivery, error letters and similar issues.
    > > I'm a bit worried about opening them. Anyone else noticed this
    > > lately? Kind regards,
    > >
    > > Frank.

    >
    > Only poted a few times in this group.
    >
    > W32.Swen.A@mm or W32/Gibe-F, or Worm Swen.A
    >
    > "W32.Swen.A@mm is a mass-mailing worm that attempts to spread through
    > file-sharing networks, such as KaZaA and IRC, and attempts to kill
    > antivirus and personal firewall programs running on a computer.
    >
    > The worm arrives as an email attachment. The subject, body, and From:
    > address of the email may vary. Some examples claim to be patches for
    > Microsoft Internet Explorer, or delivery failure notices from qmail."
    >
    > "The worm can also impersonate mail delivery failure notices..."
    >
    > "The worm spreads through email, KaZaA, IRC, Network Shares, and
    > newsgroups."
    >
    > Further information at:
    > http://www.symantec.com/avcenter/venc/data/
    > AVG
    > http://www.grisoft.com/us/us_vir_tt.php#1
    >
    > And at this newsgroup: alt.comp.anti-virus
    >
    > Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
    > Windows NT, Windows Server 2003, Windows XP
    >
    > Systems Not Affected: DOS, Linux, Macintosh, Microsoft IIS, OS/2,
    > UNIX, Windows 3.x


    It seems almost no one bothers to scan through headers to
    see if their question has already been answered, which is
    newsgroup 101. Alas, my mind has become a festering
    cesspool of ennui.
    gangle, Sep 19, 2003
    #4
  5. Frank Aston.

    Boomer Guest

    gangle said:

    > "Boomer" <> wrote in message
    > news:Xns93FB3A79F722F24680@209.98.50.131...
    >> Frank Aston. said:
    >>
    >> > In the last day or so I've been getting an usual number of e
    >> > mails, via Outlook Express, relating to critical upgrades,
    >> > message non delivery, error letters and similar issues.
    >> > I'm a bit worried about opening them. Anyone else noticed
    >> > this lately? Kind regards,
    >> >
    >> > Frank.

    >>
    >> Only poted a few times in this group.
    >>
    >> W32.Swen.A@mm or W32/Gibe-F, or Worm Swen.A
    >>
    >> "W32.Swen.A@mm is a mass-mailing worm that attempts to spread
    >> through file-sharing networks, such as KaZaA and IRC, and
    >> attempts to kill antivirus and personal firewall programs
    >> running on a computer.
    >>
    >> The worm arrives as an email attachment. The subject, body, and
    >> From: address of the email may vary. Some examples claim to be
    >> patches for Microsoft Internet Explorer, or delivery failure
    >> notices from qmail."
    >>
    >> "The worm can also impersonate mail delivery failure
    >> notices..."
    >>
    >> "The worm spreads through email, KaZaA, IRC, Network Shares,
    >> and newsgroups."
    >>
    >> Further information at:
    >> http://www.symantec.com/avcenter/venc/data/
    >> AVG
    >> http://www.grisoft.com/us/us_vir_tt.php#1
    >>
    >> And at this newsgroup: alt.comp.anti-virus
    >>
    >> Systems Affected: Windows 2000, Windows 95, Windows 98,
    >> Windows Me, Windows NT, Windows Server 2003, Windows XP
    >>
    >> Systems Not Affected: DOS, Linux, Macintosh, Microsoft IIS,
    >> OS/2, UNIX, Windows 3.x

    >
    > It seems almost no one bothers to scan through headers to
    > see if their question has already been answered, which is
    > newsgroup 101. Alas, my mind has become a festering
    > cesspool of ennui.


    No one knows what Google or Google groups are either. :(
    Boomer, Sep 19, 2003
    #5
  6. I appear to be a victim of this, although my AV software
    (Norton/Symantec) is running just fine as is my firewall.

    Could someone explain exactly what's happening here? Is *my* computer
    infected or is it just that someone who has my address is infected and
    therefore sending me tons of emails?

    -S-

    why? wrote:
    >
    > X-No-Archive: Yes
    > On Fri, 19 Sep 2003 12:40:59 +0100, Frank Aston. wrote:
    >
    > >In the last day or so I've been getting an usual number of e mails, via
    > >Outlook Express, relating to critical upgrades, message non delivery, error
    > >letters and similar issues.

    >
    > Yet again posting the same / some of previous links
    >
    > http://www.microsoft.com/security/
    >
    > http://www.microsoft.com/security/incident/blast.asp
    > Hoax circulating: Microsoft never distributes software through e-mail.
    > If you receive an e-mail message that appears to be from Microsoft and
    > that contains an attachment, delete the message immediately. Do not open
    > the attachment. To learn more, click here.
    >
    > <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/policy/swdist.asp>
    >
    > http://www.sophos.com/
    > www.mcafee.com
    >
    > http://www.symantec.com/ says -
    > W32.Swen.A@mm is a mass-mailing worm that also attempts to spread
    > through file-sharing networks, such as KaZaA and IRC, and will attempt
    > to de-activate antivirus and personal firewall programs running on the
    > computer.
    > STEP 1: Read Critical Information
    >
    > > I'm a bit worried about opening them. Anyone else noticed this lately?

    >
    > Only a few 10,000 maybe even a somewhere in the 100,000 but not
    > everyone.... it appears, Oh I forgot a link.
    >
    > Drat, I thought I would have to goto the help pages but no, it's on the
    > home page, http://www.blueyonder.co.uk/
    >
    > Me
    Steve Freides, Sep 19, 2003
    #6
  7. I appear to be a victim of this, although my AV software
    (Norton/Symantec) is running just fine as is my firewall.

    Could someone explain exactly what's happening here? Is *my* computer
    infected or is it just that someone who has my address is infected and
    therefore sending me tons of emails?

    -S-

    why? wrote:
    >
    > X-No-Archive: Yes
    > On Fri, 19 Sep 2003 12:40:59 +0100, Frank Aston. wrote:
    >
    > >In the last day or so I've been getting an usual number of e mails, via
    > >Outlook Express, relating to critical upgrades, message non delivery, error
    > >letters and similar issues.

    >
    > Yet again posting the same / some of previous links
    >
    > http://www.microsoft.com/security/
    >
    > http://www.microsoft.com/security/incident/blast.asp
    > Hoax circulating: Microsoft never distributes software through e-mail.
    > If you receive an e-mail message that appears to be from Microsoft and
    > that contains an attachment, delete the message immediately. Do not open
    > the attachment. To learn more, click here.
    >
    > <http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/policy/swdist.asp>
    >
    > http://www.sophos.com/
    > www.mcafee.com
    >
    > http://www.symantec.com/ says -
    > W32.Swen.A@mm is a mass-mailing worm that also attempts to spread
    > through file-sharing networks, such as KaZaA and IRC, and will attempt
    > to de-activate antivirus and personal firewall programs running on the
    > computer.
    > STEP 1: Read Critical Information
    >
    > > I'm a bit worried about opening them. Anyone else noticed this lately?

    >
    > Only a few 10,000 maybe even a somewhere in the 100,000 but not
    > everyone.... it appears, Oh I forgot a link.
    >
    > Drat, I thought I would have to goto the help pages but no, it's on the
    > home page, http://www.blueyonder.co.uk/
    >
    > Me
    Steve Freides, Sep 19, 2003
    #7
  8. Frank Aston.

    why? Guest

    X-No-Archive: Yes
    On Fri, 19 Sep 2003 08:50:21 -0400, Steve Freides wrote:

    >I appear to be a victim of this, although my AV software
    >(Norton/Symantec) is running just fine as is my firewall.
    >
    >Could someone explain exactly what's happening here? Is *my* computer
    >infected or is it just that someone who has my address is infected and
    >therefore sending me tons of emails?


    *** Could be both. ***

    You have tried reading the info from the other links?
    I have not had 1 yet and don't expect to be able to get one either.

    From the info at - (not the full text)
    http://us.mcafee.com/virusInfo/default.asp?id=helpCenter&hcName=swen

    Sometimes posing as a Microsoft Security Update, this worm is intended
    to spread via the following methods:

    * Mailing itself to recipients extracted from the victim's machine
    * Copying itself over network shares (mapped drives)
    * Sharing itself over the KaZaa P2P network
    * Sending itself via IRC

    The worm terminates processes relevant to various security and
    anti-virus products. Additionally, the worm contains its own SMTP engine
    to create outgoing messages to harvested email addresses from the
    victim's machine.

    Various outgoing messages are created,

    When the worm is run on the victim's machine, a series of fraudulent
    message boxes are displayed. The worm installs itself (using a random
    filename) into %WinDir%, for example: C:\WINDOWS\ZNFUL.EXE.

    How do you know if you've been infected?
    * Display of a series of dialog boxes
    * Unexpected termination of various security and anti-virus products
    * Inability to run RegEdit on the victim's machine

    Further Info
    http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662


    >-S-
    >
    >why? wrote:
    >>
    >> X-No-Archive: Yes
    >> On Fri, 19 Sep 2003 12:40:59 +0100, Frank Aston. wrote:
    >>
    >> >In the last day or so I've been getting an usual number of e mails, via
    >> >Outlook Express, relating to critical upgrades, message non delivery, error
    >> >letters and similar issues.

    >>
    >> Yet again posting the same / some of previous links
    >>
    >> http://www.microsoft.com/security/
    >>
    >> http://www.microsoft.com/security/incident/blast.asp
    >> Hoax circulating: Microsoft never distributes software through e-mail.
    >> If you receive an e-mail message that appears to be from Microsoft and

    <snip>

    Me
    why?, Sep 19, 2003
    #8
  9. Frank Aston.

    Paul - xxx Guest

    Boomer tried to scribble ...

    > gangle said:
    >
    >> "Boomer" <> wrote in message
    >> It seems almost no one bothers to scan through headers to
    >> see if their question has already been answered, which is
    >> newsgroup 101. Alas, my mind has become a festering
    >> cesspool of ennui.

    >
    > No one knows what Google or Google groups are either. :(


    I think gangle has it spot on .. A lack of knowledge about Google can be
    understandable, but not reading a newsgroup, where one is asking a specific
    question, is well nigh unforgivable. (IMHO)

    --
    .............................Paul - xxx
    Paul - xxx, Sep 19, 2003
    #9
  10. Frank Aston.

    Boomer Guest

    Steve Freides said:

    > I appear to be a victim of this, although my AV software
    > (Norton/Symantec) is running just fine as is my firewall.
    >
    > Could someone explain exactly what's happening here? Is *my*
    > computer infected or is it just that someone who has my address
    > is infected and therefore sending me tons of emails?
    >
    > -S-


    [snip]

    Further information at:
    http://www.pcworld.com/news/article/0,aid,112552,00.asp
    http://www.microsoft.com/security/incident/blast.asp
    http://www.theregister.co.uk/content/56/32327.html
    http://www.theregister.co.uk/content/56/32410.html
    Boomer, Sep 19, 2003
    #10
  11. Frank Aston.

    Boomer Guest

    Paul - xxx said:

    > Boomer tried to scribble ...
    >
    >> gangle said:
    >>
    >>> "Boomer" <> wrote in message
    >>> It seems almost no one bothers to scan through headers to
    >>> see if their question has already been answered, which is
    >>> newsgroup 101. Alas, my mind has become a festering
    >>> cesspool of ennui.

    >>
    >> No one knows what Google or Google groups are either. :(

    >
    > I think gangle has it spot on .. A lack of knowledge about
    > Google can be understandable, but not reading a newsgroup, where
    > one is asking a specific question, is well nigh unforgivable.
    > (IMHO)


    True.
    Boomer, Sep 19, 2003
    #11
  12. On Fri, 19 Sep 2003 05:38:46 -0700, In the heat of the moment, "gangle"
    <> posted:
    ..
    >It seems almost no one bothers to scan through headers to
    >see if their question has already been answered, which is
    >newsgroup 101. Alas, my mind has become a festering
    >cesspool of ennui.


    Perhaps I do win this contest and it shows that I am learning. ;-)

    I did look through the postings and found nothing. Thus mine was the
    first of these posts/threads.

    Thanks, I just needed to brag. ;-))

    Bill
    Bill Schowengerdt, Sep 19, 2003
    #12
  13. Frank Aston.

    why? Guest

    X-No-Archive: Yes
    On Fri, 19 Sep 2003 14:08:35 -0500, Bill Schowengerdt wrote:

    >On Fri, 19 Sep 2003 05:38:46 -0700, In the heat of the moment, "gangle"
    ><> posted:
    >.
    >>It seems almost no one bothers to scan through headers to
    >>see if their question has already been answered, which is
    >>newsgroup 101. Alas, my mind has become a festering
    >>cesspool of ennui.

    >
    >Perhaps I do win this contest and it shows that I am learning. ;-)
    >
    >I did look through the postings and found nothing. Thus mine was the
    >first of these posts/threads.


    Not by a long shot..... in stardard sort thread/date-time to GMT, and no
    I am not double checking / converting every TZ. The posts below appear
    before yours.

    You 1st post appears to be
    From: Bill Schowengerdt <>
    Newsgroups: 24hoursupport.helpdesk
    Subject: Bogus MS security updates, patches, etc.
    Date: Thu, 18 Sep 2003 21:50:07 -0500
    Message-ID: <>

    Before that

    Newsgroups: 24hoursupport.helpdesk
    Subject: W32.Swen.A@mm - "claim to be patches for Microsoft Internet
    Explorer"
    From: Boomer
    Organization: \o/
    Message-ID: <Xns93FAD35BAECE424680@209.98.50.131>
    Date: 19 Sep 2003 02:43:47 GMT

    From: "geopelia"
    Newsgroups: 24hoursupport.helpdesk
    Subject: Deluge of Microsoft emails etc
    Message-ID: <RUtab.152099$>
    Date: Fri, 19 Sep 2003 14:35:38 +1200


    From: "John Seeliger"
    Newsgroups: 24hoursupport.helpdesk,alt.spam
    Subject: Spam or virus?
    Date: Thu, 18 Sep 2003 21:32:41 -0500
    Lines: 26
    Message-ID: <bkdps6$ljj2$-berlin.de>

    From: "Bay0Wulf"
    Newsgroups: 24hoursupport.helpdesk
    Subject: Microsoft E-Mails Software Patches??? (WARNING ???)
    Message-ID:
    <CGtab.148673$>
    Date: Fri, 19 Sep 2003 02:17:06 GMT

    From: =?ISO-8859-1?Q?R=F4g=EAr?=
    Newsgroups: 24hoursupport.helpdesk
    Subject: Swen
    Date: Thu, 18 Sep 2003 22:05:16 -0400
    Organization: Posted via Supernews, http://www.supernews.com
    Message-ID: <3f6a6457$>

    From: "KerplunKuK"
    Newsgroups: 24hoursupport.helpdesk
    Subject: Security alerts
    Date: Fri, 19 Sep 2003 01:12:41 +0100
    Message-ID: <3f6a49f6$0$257$>


    >Thanks, I just needed to brag. ;-))


    Helps to be first then.....

    Me
    why?, Sep 19, 2003
    #13
  14. On Fri, 19 Sep 2003 19:28:07 GMT, In the heat of the moment, why?
    <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> posted:
    ..
    >X-No-Archive: Yes
    >On Fri, 19 Sep 2003 14:08:35 -0500, Bill Schowengerdt wrote:
    >
    >>On Fri, 19 Sep 2003 05:38:46 -0700, In the heat of the moment, "gangle"
    >><> posted:
    >>.
    >>>It seems almost no one bothers to scan through headers to
    >>>see if their question has already been answered, which is
    >>>newsgroup 101. Alas, my mind has become a festering
    >>>cesspool of ennui.

    >>
    >>Perhaps I do win this contest and it shows that I am learning. ;-)
    >>
    >>I did look through the postings and found nothing. Thus mine was the
    >>first of these posts/threads.

    >
    >Not by a long shot..... in stardard sort thread/date-time to GMT, and no
    >I am not double checking / converting every TZ. The posts below appear
    >before yours.


    Damn. I somehow fucked up again. ;-(
    Bill Schowengerdt, Sep 19, 2003
    #14
  15. Frank Aston.

    Boomer Guest

    why? said:

    > X-No-Archive: Yes
    > On Fri, 19 Sep 2003 14:08:35 -0500, Bill Schowengerdt wrote:
    >
    >>On Fri, 19 Sep 2003 05:38:46 -0700, In the heat of the moment,
    >>"gangle" <> posted:
    >>.
    >>>It seems almost no one bothers to scan through headers to
    >>>see if their question has already been answered, which is
    >>>newsgroup 101. Alas, my mind has become a festering
    >>>cesspool of ennui.

    >>
    >>Perhaps I do win this contest and it shows that I am learning.
    >>;-)
    >>
    >>I did look through the postings and found nothing. Thus mine was
    >>the first of these posts/threads.

    >
    > Not by a long shot..... in stardard sort thread/date-time to
    > GMT, and no I am not double checking / converting every TZ. The
    > posts below appear before yours.
    >
    > You 1st post appears to be
    > From: Bill Schowengerdt <>
    > Newsgroups: 24hoursupport.helpdesk
    > Subject: Bogus MS security updates, patches, etc.
    > Date: Thu, 18 Sep 2003 21:50:07 -0500
    > Message-ID: <>
    >
    > Before that
    >
    > Newsgroups: 24hoursupport.helpdesk
    > Subject: W32.Swen.A@mm - "claim to be patches for Microsoft
    > Internet Explorer"
    > From: Boomer
    > Organization: \o/
    > Message-ID: <Xns93FAD35BAECE424680@209.98.50.131>
    > Date: 19 Sep 2003 02:43:47 GMT
    >


    Before that...

    From: Rôgêr <>
    Newsgroups: 24hoursupport.helpdesk
    Subject: Swen
    Date: Thu, 18 Sep 2003 22:05:16 -0400
    Organization: Posted via Supernews, http://www.supernews.com
    Message-ID: <3f6a6457$>

    And before that...was the forewarning from...

    From: William Poaster <>
    Subject: Blaster2 warning.
    Date: Wed, 17 Sep 2003 19:36:28 +0100
    User-Agent: Pan/0.14.0 (I'm Being Nibbled to Death by Cats!)
    Message-Id: <>
    Newsgroups: 24hoursupport.helpdesk


    >
    >>Thanks, I just needed to brag. ;-))

    >
    > Helps to be first then.....
    >
    > Me
    Boomer, Sep 19, 2003
    #15
  16. Frank Aston.

    Plato Guest

    Plato, Sep 21, 2003
    #16
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andy Hayward

    Unsolicited e,mails

    Andy Hayward, Aug 1, 2003, in forum: Computer Support
    Replies:
    5
    Views:
    504
    Jimchip
    Aug 1, 2003
  2. William Perry

    Unwanted & unsolicited mail

    William Perry, Feb 20, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    445
    °Mike°
    Feb 20, 2004
  3. Patrick Campbell

    Unsolicited Spam

    Patrick Campbell, Oct 4, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    395
    Blinky the Shark
    Oct 4, 2004
  4. Bernie King

    Unsolicited sites

    Bernie King, Nov 19, 2003, in forum: Computer Security
    Replies:
    2
    Views:
    431
    Robin T Cox
    Nov 19, 2003
  5. Pager O Rama

    MSN BLOCK CHECKER-MSN STATUS CHECKER-MSN PROBLEMS

    Pager O Rama, Apr 4, 2006, in forum: Digital Photography
    Replies:
    0
    Views:
    817
    Pager O Rama
    Apr 4, 2006
Loading...

Share This Page