I'm getting several megs of spam from MS every day

I am getting dozens of emails from various Microsoft address each day,
each email containing an attachment claiming to be the latest update
which "resolves all known security vulnerabilities affecting MS
Internet Explorer, MS Outlook and MS Outlook Express".

The 'From:' addresses varies from message to message. A few examples
are:

"MS Customer Assistance" <>
"MS Internet Security Department"
<[email protected]_msdn.com>
"MS Security Assistance" <>
"Microsoft" <[email protected]_ms.com>
"MS Technical Bulletin" <>
"Program Security Center"
<[email protected]_msdn.com>

The 'Subject:' lines also vary, and include:

Microsoft Upgrade
Net Critical Pack
Newest Network Critical Update
Current Microsoft Security Upgrade
Current Network Critical Upgrade
Critical Update

The attachments have filenames like:

q655972.exe
Q991193.exe
Install242.exe
upgrade6466.exe
UPGRADE.exe
q892442.exe

I include here the full headers of just one of the messages:

' X-Apparently-To: via 216.136.175.15; Tue, 14 Oct
2003 22:08:51 -0700
' X-YahooFilteredBulk: 211.6.83.44
' Return-Path: <>
' Received: from 211.6.83.44 (EHLO smtp.ruby.ocn.ne.jp) (211.6.83.44)
by mta225.mail.scd.yahoo.com with SMTP; Tue, 14 Oct 2003 22:08:50
-0700
' Received: from xbcvg (p7156-ip01gifu.gifu.ocn.ne.jp
[220.97.104.156]) by smtp.ruby.ocn.ne.jp (Postfix) with SMTP id
A6BF63429; Wed, 15 Oct 2003 14:08:22 +0900 (JST)
' From: "MS Customer Assistance" <>
' To: "User" <>
' Subject: Net Critical Pack
' Mime-Version: 1.0
' Content-Type: multipart/mixed; boundary="vncoyvesbfm"
' Message-Id: <>
' Date: Wed, 15 Oct 2003 14:08:22 +0900 (JST)
' Content-Length: 80194




Each attachment in each message is approximately 150K in size. I
receive at least 15 of these each day - that is a total of 2.2MB each
day. My email address is a free yahoo account, which gives me 6MB
total disk storage.

Since I already have about 4.8MB of old messages in that account, my
mailbox is getting disabled EVERY DAY until I go in and manually
remove the dozens of messages from Microsoft. I do this once daily,
which means there are many hours leading up to that chore during which
my account is maxed-out and unable to receive new emails from
*anybody*.

Since the message source addresses and subjects vary from message to
message, there is no way for me to create a filter to drop these
messages - even if there were a small number of common addresses
and/or subject lines, yahoo only provides a limited number of filters
that I can create, so I wouldn't be able to create a filter for every
combination.

So my only hope to get Miscrosoft to stop sending me these updates.

I have absolutely no recollection of signing up for such mailings,
though I may indeed have done so unwittingly. Even still, I would
think Microsoft at least wouldn't send me *so many* emails every day.

But even though most every aspect of each message varies from one to
the next, there is one consistent feature of every single message: The
messages do *NOT* provide information on how to be dropped from
receiving future emails.

So, I am resorting to posting this newgroup, pleading for information
on how I might possibly get removed from Microsoft's lists. My email
account is effectively disabled until Miscrosoft stops sending me
these huge mailings.

 

(Bob - Andover, MA) wrote in

They don't come from Microsoft, they come from people infected with a
computer virus.

What can you do?

1) make sure you have anti-virus software
2) make sure everyone you know has anti virus software
3) keep upto date with security patches

then get another email address, and learn how to mung it.

[snip]

 

It is a virus. Microsoft do NOT send out patches via email.

http://www.symantec.com/avcenter/venc/data/

http://www3.ca.com/virusinfo/virus.aspx?ID=36939

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SWEN.A

http://vil.nai.com/vil/content/v_100662.htm


Online Antivirus scanners:
--------------------------
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://www3.ca.com/virusinfo/virusscan.aspx
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/ [See **]
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html

** Caveat:
http://archives.neohapsis.com/archives/bugtraq/2003-07/0240.html

Anti-virus programs:
--------------------
eZ Antivirus (Computer Associates)
http://www.my-etrust.com/products/Antivirus.cfm

Vet (Computer Associates)
http://www.vet.com.au/html/products/index.html

KAV (Kaspersky)
http://www.kaspersky.com/

Sophos
http://www.sophos.com/products/software/antivirus/

NOD32
http://www.nod32.com/home/home.htm

Norman Virus Control
http://www.norman.com/products_nvc.shtml

F-Prot
http://www.f-prot.com/download/

AVG
http://www.grisoft.com/

 

Set up message rules to filter out the junk.
If your ISP has webmail, use it and delete the stuff directly.
Then bitch and complain to them that they are running a piss poor service
that allows such things to get through.
They do have the capability to catch these virus mails if they'd only learn
how to do it.

 

Futile since it's a virus.

Your volume is nothing!
here's what my Linux server blocks each week:
http://wijnands.xs4all.nl/virus/virus

 

Richard said:

It's not a question of ISP's not knowing how to do something.
Most customers don't want their ISP scanning their posts and slow down
connectivity, they prefer to check their own mail and retain a better response
time.

 

And you'll get more and more spam as you are posting to usenet with your
real email address!

Read these:
http://members.aol.com/emailfaq/mungfaq.html
http://www.mailmsg.com/SPAM_munging.htm

 

True, I do post to usenet with a real email address. However, my
approach has been to use one particular email address for my usenet
posting and let it receive all the resulting spam.

But all that spam doesn't bother me at all, because I have other email
addresses which I use for work and home and from which I NEVER post to
usenet. Indeed, these addresses receive almost no spam and I've used
them for several years now.

I use google groups to post to usenet - I'm pretty sure they don't
allow posting with non-real email addresses. Hence the necessity of
setting up that usenet-only email address on yahoo.

My system has worked GREAT - until now. These frigging email
attachment viruses, at 142K a pop, are filling up my usenet-only
account so quickly it is rendering the account almost unusable.

 

Its viral.. i REALLY hope you didn't open any of the attachments....

Win32.Swen.A
Alias: I-Worm.Swen (Kaspersky),
[email protected] (Symantec) ,
W32/Gibe.E-mm (MessageLabs),
W32/Gibe-F (Sophos),
Win32/Swen.A.Worm,
WORM_SWEN.A (Trend)
Category: Win32
Type: Worm
Published Date: 9/18/2003

http://www3.ca.com/virusinfo/virus.aspx?ID=36939

info Link + removal tool