I'm getting several megs of spam from MS every day

Discussion in 'Computer Support' started by Bob - Andover, MA, Oct 15, 2003.

  1. I am getting dozens of emails from various Microsoft addresses each day,
    each email containing an attachment claiming to be the latest update
    which "resolves all known security vulnerabilities affecting MS
    Internet Explorer, MS Outlook and MS Outlook Express".

    The 'From:' addresses vary from message to message. A few examples
    are:

    "MS Customer Assistance" <>
    "MS Internet Security Department"
    <[email protected]_msdn.com>
    "MS Security Assistance" <>
    "Microsoft" <[email protected]_ms.com>
    "MS Technical Bulletin" <>
    "Program Security Center"
    <[email protected]_msdn.com>

    The 'Subject:' lines also vary, and include:

    Microsoft Upgrade
    Net Critical Pack
    Newest Network Critical Update
    Current Microsoft Security Upgrade
    Current Network Critical Upgrade
    Critical Update

    The attachments have filenames like:

    q655972.exe
    Q991193.exe
    Install242.exe
    upgrade6466.exe
    UPGRADE.exe
    q892442.exe

    I include here the full headers of just one of the messages:

    ' X-Apparently-To: via 216.136.175.15; Tue, 14 Oct
    2003 22:08:51 -0700
    ' X-YahooFilteredBulk: 211.6.83.44
    ' Return-Path: <>
    ' Received: from 211.6.83.44 (EHLO smtp.ruby.ocn.ne.jp) (211.6.83.44)
    by mta225.mail.scd.yahoo.com with SMTP; Tue, 14 Oct 2003 22:08:50
    -0700
    ' Received: from xbcvg (p7156-ip01gifu.gifu.ocn.ne.jp
    [220.97.104.156]) by smtp.ruby.ocn.ne.jp (Postfix) with SMTP id
    A6BF63429; Wed, 15 Oct 2003 14:08:22 +0900 (JST)
    ' From: "MS Customer Assistance" <>
    ' To: "User" <>
    ' Subject: Net Critical Pack
    ' Mime-Version: 1.0
    ' Content-Type: multipart/mixed; boundary="vncoyvesbfm"
    ' Message-Id: <>
    ' Date: Wed, 15 Oct 2003 14:08:22 +0900 (JST)
    ' Content-Length: 80194




    Each attachment in each message is approximately 150K in size. I
    receive at least 15 of these each day - that is a total of 2.2MB each
    day. My email address is a free yahoo account, which gives me 6MB
    total disk storage.

    Since I already have about 4.8MB of old messages in that account, my
    mailbox is getting disabled EVERY DAY until I go in and manually
    remove the dozens of messages from Microsoft. I do this once daily,
    which means there are many hours leading up to that chore during which
    my account is maxed-out and unable to receive new emails from
    *anybody*.

    Since the message source addresses and subjects vary from message to
    message, there is no way for me to create a filter to drop these
    messages - even if there were a small number of common addresses
    and/or subject lines, yahoo only provides a limited number of filters
    that I can create, so I wouldn't be able to create a filter for every
    combination.

    So my only hope is to get Microsoft to stop sending me these updates.

    I have absolutely no recollection of signing up for such mailings,
    though I may indeed have done so unwittingly. Even still, I would
    think Microsoft at least wouldn't send me *so many* emails every day.

    But even though most every aspect of each message varies from one to
    the next, there is one consistent feature of every single message: The
    messages do *NOT* provide information on how to be dropped from
    receiving future emails.

    So, I am resorting to posting to this newsgroup, pleading for information
    on how I might possibly get removed from Microsoft's lists. My email
    account is effectively disabled until Microsoft stops sending me
    these huge mailings.
     
    Bob - Andover, MA, Oct 15, 2003
    #1

  2. Bob - Andover, MA

    Petit Alexi Guest

    (Bob - Andover, MA) wrote in
    They don't come from Microsoft, they come from people infected with a
    computer virus.

    What can you do?

    1) make sure you have anti-virus software
    2) make sure everyone you know has anti-virus software
    3) keep up to date with security patches

    then get another email address, and learn how to mung it.

    [snip]
     
    Petit Alexi, Oct 15, 2003
    #2

  3. Bob - Andover, MA

    °Mike° Guest

    It is a virus. Microsoft do NOT send out patches via email.

    http://www.symantec.com/avcenter/venc/data/

    http://www3.ca.com/virusinfo/virus.aspx?ID=36939

    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A

    http://vil.nai.com/vil/content/v_100662.htm


    Online Antivirus scanners:
    --------------------------
    http://housecall.trendmicro.com/housecall/start_corp.asp
    http://www.kaspersky.com/remoteviruschk.html
    http://www3.ca.com/virusinfo/virusscan.aspx
    http://security.symantec.com/sscv6/default.asp
    http://www.pandasoftware.com/activescan/activescan.asp
    http://commandondemand.com/eval/index.cfm
    http://www.ravantivirus.com/scan/ [See **]
    http://www.bitdefender.com/scan/licence.php
    http://www.pcpitstop.com/antivirus/default.asp
    http://scan.sygatetech.com/prestealthscan.html

    ** Caveat:
    http://archives.neohapsis.com/archives/bugtraq/2003-07/0240.html

    Anti-virus programs:
    --------------------
    eZ Antivirus (Computer Associates)
    http://www.my-etrust.com/products/Antivirus.cfm

    Vet (Computer Associates)
    http://www.vet.com.au/html/products/index.html

    KAV (Kaspersky)
    http://www.kaspersky.com/

    Sophos
    http://www.sophos.com/products/software/antivirus/

    NOD32
    http://www.nod32.com/home/home.htm

    Norman Virus Control
    http://www.norman.com/products_nvc.shtml

    F-Prot
    http://www.f-prot.com/download/

    AVG
    http://www.grisoft.com/


     
    °Mike°, Oct 15, 2003
    #3
  4. Bob - Andover, MA

    Richard Guest

    Set up message rules to filter out the junk.
    If your ISP has webmail, use it and delete the stuff directly.
    Then bitch and complain to them that they are running a piss poor service
    that allows such things to get through.
    They do have the capability to catch these virus mails if they'd only learn
    how to do it.
     
    Richard, Oct 15, 2003
    #4
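
Added example, not part of any post in this thread: a message rule keyed on what stays constant across these mails (an executable attachment) rather than on the changing From and Subject lines. It also pulls the relay IP from the topmost Received header, the only one written by the recipient's own provider. The extension list, function name and sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumption: the extensions this filter treats as executable.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
IP_IN_PARENS = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Constructed sample modelled on the headers quoted in post #1; the
# addresses are placeholders and the attachment body is dummy data.
SAMPLE = """\
Received: from 211.6.83.44 (EHLO smtp.ruby.ocn.ne.jp) (211.6.83.44)
 by mta225.mail.scd.yahoo.com with SMTP; Tue, 14 Oct 2003 22:08:50 -0700
Received: from xbcvg (p7156-ip01gifu.gifu.ocn.ne.jp [220.97.104.156])
 by smtp.ruby.ocn.ne.jp (Postfix) with SMTP id A6BF63429;
 Wed, 15 Oct 2003 14:08:22 +0900 (JST)
From: "MS Customer Assistance" <sender@example.invalid>
To: "User" <user@example.invalid>
Subject: Net Critical Pack
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="vncoyvesbfm"

--vncoyvesbfm
Content-Type: text/plain

Install the attached update.
--vncoyvesbfm
Content-Type: application/octet-stream; name="q655972.exe"
Content-Disposition: attachment; filename="q655972.exe"
Content-Transfer-Encoding: base64

ZHVtbXk=
--vncoyvesbfm--
"""

def triage(raw):
    """Return (action, executable_names, relay_ip) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    # walk() visits nested MIME parts; the match is case-insensitive so
    # "UPGRADE.exe" and "Q991193.exe" are caught like "q655972.exe".
    exes = [n for n in (p.get_filename() for p in msg.walk())
            if n and n.lower().endswith(EXEC_EXTS)]
    # Headers below the topmost Received line can be forged by the sender.
    hops = msg.get_all("Received", [])
    m = IP_IN_PARENS.search(str(hops[0])) if hops else None
    return ("quarantine" if exes else "deliver", exes, m.group(1) if m else None)
```

The returned relay IP is the address to cite when reporting the mail to the sending network's abuse contact.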
  5. Bob - Andover, MA

    jeroen Guest

    Futile since it's a virus.

    Your volume is nothing!
    Here's what my Linux server blocks each week:
    http://wijnands.xs4all.nl/virus/virus
     
    jeroen, Oct 15, 2003
    #5
  6. Bob - Andover, MA

    Brian H¹© Guest

    Richard said:
    It's not a question of ISPs not knowing how to do something.
    Most customers don't want their ISP scanning their posts and slowing down
    connectivity, they prefer to check their own mail and retain a better response
    time.
     
    Brian H¹©, Oct 15, 2003
    #6
  7. Gordon Burgess-Parker, Oct 15, 2003
    #7
  8. True, I do post to usenet with a real email address. However, my
    approach has been to use one particular email address for my usenet
    posting and let it receive all the resulting spam.

    But all that spam doesn't bother me at all, because I have other email
    addresses which I use for work and home and from which I NEVER post to
    usenet. Indeed, these addresses receive almost no spam and I've used
    them for several years now.

    I use google groups to post to usenet - I'm pretty sure they don't
    allow posting with non-real email addresses. Hence the necessity of
    setting up that usenet-only email address on yahoo.

    My system has worked GREAT - until now. These frigging email
    attachment viruses, at 142K a pop, are filling up my usenet-only
    account so quickly it is rendering the account almost unusable.
     
    Bob - Andover, MA, Oct 16, 2003
    #8
  9. It's viral. I REALLY hope you didn't open any of the attachments....

    Win32.Swen.A
    Alias: I-Worm.Swen (Kaspersky),
    W32.Swen.A@mm (Symantec),
    W32/Gibe.E-mm (MessageLabs),
    W32/Gibe-F (Sophos),
    Win32/Swen.A.Worm,
    WORM_SWEN.A (Trend)
    Category: Win32
    Type: Worm
    Published Date: 9/18/2003

    http://www3.ca.com/virusinfo/virus.aspx?ID=36939

    info Link + removal tool
     
    BuffNET Tech Support - MichaelJ, Oct 16, 2003
    #9