How do you know you didn't get infected by Swen?

Discussion in 'Computer Security' started by wylbur37, Nov 17, 2003.

  1. wylbur37

    wylbur37 Guest

    How can you really determine whether or not your computer has been
    infected by the Swen worm?

    Having an anti-virus program report "no infections" is not necessarily
    conclusive since it's possible that the anti-virus program wasn't
    updated, or the update didn't include the code for Swen.

    Is there a program available that was written specifically to detect
    Swen?

    Alternatively, are there specific symptoms to look for (such as the
    existence of certain files or executables) that would reveal the
    presence of Swen?

    How can you be sure you didn't get infected by Swen?
     
    wylbur37, Nov 17, 2003
    #1

  2. Tina - AffordableHOST.com, Nov 17, 2003
    #2

  3. By running Linux.
     
    David F. Skoll, Nov 17, 2003
    #3
  4. Please see e.g. <URL:http://vil.nai.com/vil/content/v_100662.htm>.

    Follow-ups set.

    Thor
     
    Thor Kottelin, Nov 17, 2003
    #4
  5. wylbur37

    Ben Myers Guest

    Ben Myers, Nov 17, 2003
    #5
  6. wylbur37

    s. keeling Guest

    Are you still being bombarded with swen? If so, you're not infected.
    Or you're not running Windows, thereby disabling swen from inoculating
    itself against further attack.
     
    s. keeling, Nov 18, 2003
    #6

  7. you've got to be kidding me.... this is "advice"? jesus.

    Just because you think this person is being bombarded with swen, they're
    not infected? Do you have a clue? That's one of the worst examples of
    "logic" that I've ever seen.

    Being bombarded with swen infected emails has absolutely nothing to do
    with the person being infected or not.



    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness™ as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Nov 18, 2003
    #7
  8. wylbur37

    LO&MsLO Guest

    Or you belong to Yahoo or MSN groups. Stop those and you will stop
    the Swen. In a year or two.

    John
     
    LO&MsLO, Nov 18, 2003
    #8
  9. wylbur37

    Mimic Guest

    www.avp.ch
    www.symantec.com
    get a clue

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Nov 18, 2003
    #9
  10. Hey wylbur,

    Sorry to see that your plea for help evoked as many attitude responses as
    advice responses. Also, I may be wasting my time because I am thinking that
    since you cross posted your request for help to so many places, and I am
    only replying in here, you may not monitor this group for individual
    responses.

    Now, I am nothing but the average household variety computer user. I think I
    can pass on a couple valuable suggestions in spite of my shortcomings.

    Two things can be a big help to you. One is to create a boot floppy
    according to your AV instructions. This protects you by allowing you to run
    a scan before boot up from the floppy, since some nasties reconfigure or
    disable your AV and/or firewall. The second thing is to take advantage of
    any of the online virus scans. These do not rely on the operation of your AV
    software or the virus definitions contained in your AV.

    The recent collusion between the spammers and hackers has really ratcheted
    up the deceit and sophistication. A recent variant installs 2 copies of
    itself. If you try to delete copy 1, copy 2 will reinstall it. Delete copy 2
    and copy 1 will reinstall it. They also can reconfigure your AV and firewall
    and do stuff like disable your keyboard and mouse. In short, they have
    declared war on us all. They are determined to make us all spam robots. Of
    course we still have the identity thieves and credit card fraud to deal with
    such as the recent ebay situation where the thieves actually made a replica
    of the ebay web site to lure people into giving out their financial and
    credit card info.

    Computing is no longer commerce made easy or fun on the playground. It is
    now war on the battlefield.

    A note to any potential responders: If I fail to sound like an expert or
    fail to speak proper computerese, or sound like an idiot, deal with it. If I
    have given flawed or incomplete advice then by all means correct me.
     
    Colonel Kernel, Nov 19, 2003
    #10
  11. wylbur37

    Jim Warren Guest

    Swen may have done us a favor. His virus is so annoying it may deter
    other hackers from writing viruses. Can't someone write an anti swen
    virus that infects every computer in the world by removing swen from
    their computer? Swen I know you are reading this because you probably
    want all the attention you can get and you are probably inundated by
    your own virus generated emails. How about turning this off.

    Thanks
    Jim

    Swen may you have an interesting life.
     
    Jim Warren, Nov 22, 2003
    #11
  12. wylbur37

    Jeff Guest

    On Mon, 17 Nov 2003 04:44:08 -0800, wylbur37 wrote:

    I'm running Gentoo linux, and thus immune to Swen, but that hasn't
    prevented me from getting pounded with attempts. A few months ago I
    suddenly started getting large numbers of them. At first, they were what I
    will call 'direct attacks' - i.e. an email sent to me masquerading as a MS
    update or something else I should run. But increasingly, they became
    notifications from ISPs that 'my' (virus laden) mail was undeliverable,
    from which I conclude that either my email address is the return address
    on attacks to other people - many of whom are bad addresses, or that this
    is actually a more subtle form of attack which attempts to get me to
    figure out what I was trying to send to someone by running it. It's hard to
    tell, as the so-called intended recipient is often a gibberish address.

    It's trivial to use procmail to filter these things (based on
    mime-content), so I've been keeping them for statistical purposes. Here is
    a graph of the inbound rate so far:

    http://home.comcast.net/~jcunningham63/linux/virusgraph.gif

    -Jeff Cunningham
     
    Jeff, Nov 22, 2003
    #12
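
The kind of MIME-content filter described in the post above, written in Python rather than procmail as an added example that is not part of the thread: it flags executable attachments and separates mail sent directly from bounce notifications that carry a returned copy. The extension list, function names and sample messages are assumptions constructed for the demo.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist for this example; tune it to your own mail policy.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

def is_executable_part(part):
    """True if a leaf MIME part is named like a Windows executable."""
    return (part.get_filename() or "").lower().endswith(EXECUTABLE_EXTS)

def find_executables(part, nested=False):
    """Yield (filename, nested); nested means the part sat inside an attached message."""
    if part.get_content_type() == "message/rfc822":
        nested = True
    if part.is_multipart():
        for sub in part.get_payload():
            yield from find_executables(sub, nested)
    elif is_executable_part(part):
        yield part.get_filename(), nested

def classify(raw_bytes):
    """Return 'clean', 'direct' (attachment mailed to you) or 'bounce' (returned copy)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = list(find_executables(msg))
    if not hits:
        return "clean"
    return "bounce" if all(nested for _, nested in hits) else "direct"

def sample(kind):
    """Constructed messages for the demo; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = "Security update"
    msg.set_content("Please install the attached update.")
    if kind == "clean":
        return msg.as_bytes()
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="update.exe")
    if kind == "direct":
        return msg.as_bytes()
    bounce = EmailMessage()
    bounce["Subject"] = "Undeliverable mail"
    bounce.set_content("Your message could not be delivered.")
    bounce.add_attachment(msg)  # attached as message/rfc822
    return bounce.as_bytes()

if __name__ == "__main__":
    for kind in ("clean", "direct", "bounce"):
        print(kind, "->", classify(sample(kind)))
```

Bounces that paste the original message inline as text instead of attaching it as `message/rfc822` are not recognised as nested by this sketch and would be reported as `direct`.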
  13. On that special day, Jim Warren, () said...
    Only that his name is Begbie (Slovakia). He dropped the name somewhere
    in the worm body.


    Gabriele Neukam

     
    Gabriele Neukam, Nov 22, 2003
    #13
  14. wylbur37

    Transmute Guest

    Interesting. If there was any justice in the world, it wouldn't matter
    what his birth name was. He would just be Bubba's new bitch. With a
    whole load of nasty things dropped into *his* body.

    Regards,

    Pete.
     
    Transmute, Nov 22, 2003
    #14
  15. wylbur37

    Mimic Guest



    I feel so unloved, I haven't got a single Swen. In fact the only virus I've had
    in the past 6 years is the Blaster worm I picked up off an mpg on Kazaa :p

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Nov 23, 2003
    #15
  16. All of yours are being sent to yeonho,Lee. At least that's the
    name of the registrant for the domain void.net.

    Regards, Dave Hodgins
     
    David W. Hodgins, Nov 23, 2003
    #16
  17. wylbur37

    Mimic Guest

    LOL

    --
    Mimic

    "Without Knowledge you have fear, With fear you create your own nightmares."
    "There are 10 types of people in this world. Those that understand Binary,
    and those that dont."
    "C makes it easy to shoot yourself in the foot. C++ makes it harder, but
    when you do, it blows away your whole leg"
     
    Mimic, Nov 23, 2003
    #17
  18. You may LOL but Dave was being serious. Using a domain that is registered to
    someone else means exactly what he said. That address may/will be harvested from
    Usenet posts and the owner of the void.net domain may/will get any nasty stuff
    that you would have got had your address been there. Let's just hope he has the
    facility to reject mail sent to "null". I get loads of crap that gets rejected
    by my mail server that is sent to user "newsgroups".

    Maybe you could mask your real address in another more net friendly way....?
     
    Richard Howlett, Nov 24, 2003
    #18
  19. wylbur37

    Bill Guest


    That or use microsoft.com
     
    Bill, Nov 24, 2003
    #19
  20. I have had the same problem as you have and it started from this
    newsgroup but whoever sent it to me... you were not successful in
    tricking me into thinking that that was a security patch. Anyway... Just
    change your password for whatever server you use and create filters to
    catch the virus before it reaches you. Hope that helps you.
     
    Cyberphreak101, Nov 27, 2003
    #20