View Full Version : Re: virus attack


Ernie
September 19th, 2003, 05:10 PM
Seems like the latest trick is to make it look like a returned message.
Ernie

"slenon" > wrote in message
.. .
> I've deleted over 150 this morning and one or two of them seem to hang up my
> Mcafee software. Have to hand delete to get around that particular file in
> order to get rid of the rest of the junk.

Peter Charles
September 19th, 2003, 05:46 PM
daytripper > wrote in message >...
> On Fri, 19 Sep 2003 05:02:11 GMT, "Wayne Harrison" > wrote:
>
> >
> >"George Cleveland" > wrote in message
> ...
> >> On Fri, 19 Sep 2003 03:07:51 GMT, "Wayne Harrison" > wrote:
> >>
> >> >calling all geeks! i am being nearly overwhelmed by emails from an
> >> >obviously sham microsoft announcement encouraging the recipient to open an
> >> >attachment that no doubt contains a virus. the damn things are coming in at
> >> >the rate of about thirty an hour.
> >> >
> >> >where does one go for a stop to this?
> >> >
> >> >yfitons
> >> >wayno
> >> >
> >> >
> >> They're coming in fast and heavy now. Cleared my junk mail folder an hour and a
> >> half ago. Just checked and there was another 30 or so in there. They're using up
> >> all the space on my hotmail account. It wouldn't surprise me if the web is a
> >> bit congested tomorrow morning.
> >
> > this is the most successful assault on the internet to date, imo.
> >surely there is some force to protect us . :)
> >>
> >> g.c.
> >
>
> Your isps are run by nitwits if they're letting this latest barrage get
> through to your personal mail stores. Even my Yahoo account has developed some
> immunity, I haven't gotten one out of this latest run...so far ;-)
>
> /daytripper (just checked, zero hits here on three different isps)


My ISP and my employer have it handled but Hotmail is a disaster. I'm
just going to let the box fill up as emptying it is a waste of time.

Peter

Dave LaCourse
September 19th, 2003, 06:08 PM
Greg Pavlov writes:

>We're not getting the actual virus, just the messages from which
> it was stripped. At least that is what is happening to me on
> fastmail.fm.

My davplac account is protected by allowing only certain names to pass. The
other 6 accounts on my aol have no mail controls set, yet they are not
receiving any of it. (???)
Dave

http://hometown.aol.com/davplac/myhomepage/index.html

Ernie
September 19th, 2003, 07:17 PM
Several years ago I saw an article that said if you put 1000 as your first
address in your address book the worm tries to access the addresses and
stops when it hits 1000. I don't know if this still works or not, but I
have kept it in mine. Of course this doesn't prevent your receiving the
messages, but it prevents the worm from using your computer to send them.
Ernie

Tim J.
September 19th, 2003, 09:13 PM
"Ernie" wrote...
> Several years ago I saw an article that said if you put 1000 as your first
> address in your address book the worm tries to access the addresses and
> stops when it hits 1000. I don't know if this still works or not, but I
> have kept it in mine. Of course this doesn't prevent your receiving the
> messages, but it prevents the worm from using your computer to send them.

As long as it makes you feel better, Ernie. :)
--
TL,
Tim
------------------------
http://css.sbcma.com/timj

walt winter
September 19th, 2003, 09:55 PM
just spent 1 hr, 2 mins, and 56 seconds receiving bull**** on the
home system......

makes ya rethink yer death penalty stance, eh wayno?

--waldo..... guillotine sounds appropriate for the fukkin
*******s.....



Wayne Harrison wrote:
> calling all geeks! i am being nearly overwhelmed by emails from an
> obviously sham microsoft announcement encouraging the recipient to open an
> attachment that no doubt contains a virus. the damn things are coming in at
> the rate of about thirty an hour.
>
> where does one go for a stop to this?
>
> yfitons
> wayno
>
>


--
Tight Lines,

--Walt
Fly Fishing NC & more...
http://www.ezflyfish.com
http://www.wilsoncreekoutfitters.com

Clark Reid
September 19th, 2003, 09:55 PM
Timy wrote:
> Anyone who falls for this sort of ploy in this day and age hasn't been around
> the block recently. It's akin to the African money transfer schemes in its
> sophistication.

You mean I'm not getting my 12,000,000????

But what about the money I sent to make it all happen?

You've got to be kidding???

:)

--
Clark Reid
http://www.dryflynz.com
Umpqua Designer Flytier

Wayne Harrison
September 19th, 2003, 09:56 PM
"Dave LaCourse" > wrote

> My davplac account is protected by allowing only certain names to pass. The
> other 6 accounts on my aol have no mail controls set, yet they are not
> receiving any of it. (???)

so, we have yet another example of the fact that you are the luckiest mf
in the entire united states.

shut up and go watch jo water the daisies, you lucky *******!

yfitons
wayno (two email accounts chocablock full of fake microsoft mail and stuff
to make my dick bigger)

Clark Reid
September 19th, 2003, 09:56 PM
> Regardless, it's a good product. :)
> --
> TL,
> Tim
> ------------------------
> http://css.sbcma.com/timj


Ouch!

:)


--
Clark Reid
http://www.dryflynz.com
Umpqua Designer Flytier

walt winter
September 19th, 2003, 10:04 PM
Charlie Choc wrote:

> originated from IJ - I think maybe he's infected.

charlie, you misspelt "affected." ;-)

--wally, finally online.... yeah, guillotine the fukkers.

Guyz-N-Flyz
September 19th, 2003, 10:07 PM
"Wayne Harrison" > wrote in message
...
> the damn things are coming in at
> the rate of about thirty an hour.
>
> where does one go for a stop to this?
>
> yfitons
> wayno

BellSouth told me that it is sent out by someone with the virus, every time
they log on to the net. If you are in their e-mail addy book you get
inundated with this ****. Got over 100 yesterday and goin' on 200 today. I
have deleted all everyone of my friends from mother's book and all but family
of hers. This should narrow down the culprit, what with only two e-mail
addys left in the book.

Op --Son-of-a-Bitch this sucks!--

Peter Charles
September 19th, 2003, 10:42 PM
On Fri, 19 Sep 2003 20:56:33 GMT, "Wayne Harrison"
> wrote:

>
>"Dave LaCourse" > wrote
>
>> My davplac account is protected by allowing only certain names to pass. The
>> other 6 accounts on my aol have no mail controls set, yet they are not
>> receiving any of it. (???)
>
> so, we have yet another example of the fact that you are the luckiest mf
>in the entire united states.
>
> shut up and go watch jo water the daisies, you lucky *******!
>
>yfitons
>wayno (two email accounts chocablock full of fake microsoft mail and stuff
>to make my dick bigger)
>

well, at least the latter will be useful . . .

Peter

Eastern Spey Clave, October 4th and 5th, 2003
http://www.easternclave.ca

Visit The Streamer Page at http://www.mountaincable.net/~pcharles/streamers/index.html

Flyfish
September 19th, 2003, 10:51 PM
I agree my ISP is run by idiots, two of which are in jail. When I got my
email with them (the real one not the bogus first one which was actually
someone else's) it had spam in it the first time I opened it. Their tech
support said, yah well those spammers are pretty tricky, ok right.

I get more at work, somehow my email got out and I've been getting about
100 generic viagra, enlargement, load, save money on gas, last chance, final
notice etc. spams a day.

Pain in the ass.

Flyfish

Wolfgang
September 19th, 2003, 11:16 PM
"Greg Pavlov" > wrote in message
...
> On Fri, 19 Sep 2003 06:17:12 -0500, "Wolfgang" >
> wrote:
>
> >
> >Charlie.......or Joe?
>
> Charlie. It's always going for the lesser of two
> evils, isn't it ?

About a horse apiece in my book. One had a wooden head and the other
was......well, a ventriloquist's dummy.

Wolfgang
to whom it has just occurred that the sobriquet "tail gunner joe" might be
seen in a bit of a different light today than it once
was........hm......wonder what j. edgar thought of joe.

Tim J.
September 19th, 2003, 11:21 PM
"Guyz-N-Flyz" wrote...
>
> I
> have deleted all everyone of my friends from mothers book and all but family
> of hers. This should narrow down the culprit, what with only two e-mail
> addys left in the book.

Er, I hate to say this, Op, but THEY would need to delete YOU from THEIR address
book. But now that you've done all this, doesn't that address book look nice and
neat? ;-)

> Op --Son-of-a-Bitch this sucks!--

It does now, eh? . . . I mean ARRrrr.
--
TL,
Tim
------------------------
http://css.sbcma.com/timj

Sierra fisher
September 19th, 2003, 11:33 PM
this is not just an unsuspecting person getting infected and accidentally
sending out stuff. Someone is using a random generator to change the
subjects, he/they have the ability to forward them through numerous other
people's email, and most of the return addresses are forged. They have the
knowledge and the means to circumvent most of the spam detectors. my I hate
spam can only catch about half of it.


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.518 / Virus Database: 316 - Release Date: 9/11/2003

Guyz-N-Flyz
September 19th, 2003, 11:41 PM
"Tim J." > wrote in message
...
> > I
> Er, I hate to say this, Op, but THEY would need to delete YOU from THEIR address
> book. But now that you've done all this, doesn't that address book look nice and
> neat? ;-)
>

Yeah, I thought about it after I posted. Hell it took an hour to get this
thru to ROFF, then I downloaded MailWasher (THANKS!) I told mother that she
would have to contact her sisters by phone or letter--imagine that--to get
them to check their system for the virus. Everyone will remain BLACKLISTED
until certified letters arrive.

> > Op --Son-of-a-Bitch this sucks!--
>
> It does now, eh? . . . I mean ARRrrr.

Naw not really. I deleted all of my ROFF addys--don't have any other
friends, 'cept my 89 y.o. girlfriend and she can't use the keyboard
anymore--*authoritis* and all that ya know.

Op --Mother was practically in tears when I got home from work, over this
****---Microsoft Virus, not Complete Dental Extraction--

> TL,
> Tim

Sierra fisher
September 19th, 2003, 11:46 PM
I just hope that whoever is sending out all of these messages has the
addresses of my congressmen

daytripper
September 19th, 2003, 11:50 PM
On Fri, 19 Sep 2003 09:41:09 -0400, "Tim J."
> wrote:

>
>"Wolfgang" wrote...
>>
>> "ezflyfisher" wrote...
>> >
>> >
>> > I opened this mornings mail..... it took about 20 minutes to download 100+
>> > junks....
>>
>> I had 212 new ones waiting for me when I arrived at work about half an
>> hour ago. Another half dozen have come in since then. Never seen
>> anything like this before.
>
>It appears to be an info gathering worm - as if you don't get enough spam
>already: http://tinyurl.com/nxpu
>
>Anyone who falls for this sort of ploy in this day and age hasn't been around
>the block recently. It's akin to the African money transfer schemes in its
>sophistication. One thing is for sure: it is propagating rapidly. <geek>Our SMTP
>traffic which normally accounts for about 1-3% of our used bandwidth is up
>around 18%. Since I've made sure no executable programs are allowed past the
>firewall, and we don't allow use of web-based email or access to other POP3
>servers, we're not having virus problems. Now if I could just remove all the
>diskette and CD drives from the workstations. . . </geek>

Here's a quote that summarizes this latest wave pretty well:

"Anybody who has posted to a newsgroup with a non-munged address is a prime
target for this worm.

According to SARC, the worm gets the target email addresses by:
Searches .html, .asp, .eml, .dbx, .wab, .mbx files on the hard disk for
email addresses.

If a victim of the worm uses Outlook Express (ugh!) to read newsgroups,
the newsgroup headers are stored in a .dbx file."

/daytripper (doubt it'll help, but it might 'splain a few thing ;-)

Mark W. Oots
September 19th, 2003, 11:55 PM
"Tim J." > wrote in message
et...
>
> "Wayne Harrison" wrote...
> > calling all geeks! i am being nearly overwhelmed by emails from an
> > obviously sham microsoft announcement encouraging the recipient to open an
> > attachment that no doubt contains a virus. the damn things are coming in at
> > the rate of about thirty an hour.
> >
> > where does one go for a stop to this?
>
> http://www.mailwasher.net/ or some other email preview & filtering software.
> --
> TL,
> Tim

Tim,

I just tried this....Cool!

It seems to work pretty good, we'll see what happens when a bunch of emails
bounce.....

Mark

Stan Gula
September 19th, 2003, 11:58 PM
"daytripper" > wrote in message
...

> "Anybody who has posted to a newsgroup with a non-munged address is a prime
> target for this worm.
>
> According to SARC, the worm gets the target email addresses by:
> Searches .html, .asp, .eml, .dbx, .wab, .mbx files on the hard disk for
> email addresses.
>
> If a victim of the worm uses Outlook Express (ugh!) to read newsgroups,
> the newsgroup headers are stored in a .dbx file."
>
> /daytripper (doubt it'll help, but it might 'splain a few thing ;-)

Thanks for that, 'tripper.

--Stan (munged all the time and loving it)

daytripper
September 20th, 2003, 12:05 AM
On Fri, 19 Sep 2003 18:17:06 GMT, "Ernie" <NO_
> wrote:

>Several years ago I saw an article that said if you put 1000 as your first
>address in your address book the worm tries to access the addresses and
>stops when it hits 1000. I don't know if this still works or not, but I
>have kept it in mine. Of course this doesn't prevent your receiving the
>messages, but it prevents the worm from using your computer to send them.
>Ernie
>

That was one particular worm, Ernie, about three years ago iirc. The quick
defense was indeed to stick (I think it was actually) 100 bogus entries at the
"alphabetic beginning" of your address book, as the worm would only source the
first 100 entries.

The worms of Aught Three have been much more aggressive, with this latest one
searching through a whole library of different files on the user's system
looking for email addresses to propagate itself.

Nasty and unrestrained...

/daytripper (That's ok in a chick, but pretty bad for networking ;-)

Tim J.
September 20th, 2003, 12:30 AM
"Mark W. Oots" wrote...
>
> "Tim J." wrote...
> >
> > http://www.mailwasher.net/ or some other email preview & filtering software.
> > --
>
> Tim,
>
> I just tried this....Cool!
>
> It seems to work pretty good, we'll see what happens when a bunch of emails
> bounce.....

It's not considered very wise in some circles (mine now, too) to bounce
messages. When you bounce them you just use more bandwidth and are probably not
doing any good anyway, since spammers always spam and run to the next email
addy. I now just blacklist (just in case they stick around for more than one
spamming session) and delete. I also don't hesitate to create new filters as
needed.

I receive over 100 emails a day, and 80% are garbage, some of them from valued
clients. ;-) This program has been wonderful in increasing my productiv. . .
er, freeing up time for fishing.
--
TL,
Tim
http://css.sbcma.com/timj

Sierra fisher
September 20th, 2003, 12:32 AM
Okay, how do you munge your account?



Mark W. Oots
September 20th, 2003, 12:37 AM
"Wayne Harrison" > wrote in message
...
> calling all geeks! i am being nearly overwhelmed by emails from an
> obviously sham microsoft announcement encouraging the recipient to open an
> attachment that no doubt contains a virus. the damn things are coming in at
> the rate of about thirty an hour.
>
> where does one go for a stop to this?
>
> yfitons
> wayno
>
>
I'm getting about 20 an hour and all on the account I use for
Usenet.....somebody opened something....

Mark

Jeff Miller
September 20th, 2003, 12:49 AM
actually...it's a well-known worm that's been resurrected and improved.
symantec's web site has a good description. it gets address books
too, not just newsgroup addys...so, unless everybody has munged your
address, you're fukked. i looked at some of the source header info on
one of the *******s, and it showed a lot of you boyz in the e-addresses
listed. frankly, it's fascinating that so much intelligence and work
and imagination went into writing the code, but the twisted psychoses
connected to it all must be staggering...

jeff

Sierra fisher wrote:
> Okay, how do you munge your account?
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.518 / Virus Database: 316 - Release Date: 9/11/2003
>
>

Guyz-N-Flyz
September 20th, 2003, 01:17 AM
"Jeff Miller" > wrote in message
news:REMab.184$sp2.16@lakeread04...
> actually...it's a well-known worm that's been resurrected and improved.
> symantec's web site has a good description. it gets address books
> too, not just newsgroup addys...so, unless everybody has munged your
> address, you're fukked. i looked at some of the source header info on
> one of the *******s, and it showed a lot of you boyz in the e-addresses
> listed. frankly, it's fascinating that so much intelligence and work
> and imagination went into writing the code, but the twisted psychoses
> connected to it all must be staggering...
>
> jeff

Jeff, if you saw my name on that list please let me know, so that I can have
this thing exorcised!

Op

Jeff Miller
September 20th, 2003, 01:58 AM
your name was in red... not sure what that meant, but you ain't gotta
spell "redrum" on a mirror to get my attention...

ffej

Guyz-N-Flyz wrote:

> "Jeff Miller" > wrote in message
> news:REMab.184$sp2.16@lakeread04...
>
>>actually...it's a well-known worm that's been resurrected and improved.
>> symantec's web site has a good description. it gets address books
>>too, not just newsgroup addys...so, unless everybody has munged your
>>address, you're fukked. i looked at some of the source header info on
>>one of the *******s, and it showed a lot of you boyz in the e-addresses
>>listed. frankly, it's fascinating that so much intelligence and work
>>and imagination went into writing the code, but the twisted psychoses
>>connected to it all must be staggering...
>>
>>jeff
>
>
> Jeff, if you saw my name on that list please let me know, so that I can have
> this thing exorcised!
>
> Op
>
>

Stan Gula
September 20th, 2003, 02:16 AM
"Sierra fisher" > wrote in message
...
> Okay, how do you munge your account?

In Outlook Express 6, Tools/Accounts and pick your news account and go to
properties. Add '.remove.invalid' (no quotes...) to your email address
and/or reply address. There are other ways, but the '.invalid' is a good
thing to use because mail routers know enough to discard those. Using an
email address with a valid domain name (the stuff after the '@' sign) causes
extra traffic potentially causing delivery attempts to some domain that
doesn't want to see your bounced emails. A really bad thing to do is to use
a real domain name that is not your own.

When you munge your address like that, it's nice if the problem is
self-documenting or you can optionally add a sig line telling people how to
fix your address.

Note that some news servers have a policy of requiring a valid
reply-address. Most do not.

--Stan
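
As an added example (not part of the post above and not code from any mail or news client), this Python sketch applies the munging rule Stan describes and audits the sender headers of a draft article for addresses that are still deliverable, including the "munged with a valid domain" case he warns about. The sample article, the `example.net` addresses and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Suffix suggested in the post above; ".invalid" is a reserved top-level
# domain, so mail for it is never delivered anywhere.
MUNGE_SUFFIX = ".remove.invalid"


def is_munged(address: str) -> bool:
    """True if the domain part sits under the reserved .invalid TLD."""
    domain = address.rpartition("@")[2].lower().rstrip(".")
    return domain == "invalid" or domain.endswith(".invalid")


def munge(address: str) -> str:
    """Append the suffix unless the address is already under .invalid."""
    return address if is_munged(address) else address + MUNGE_SUFFIX


def unmunge(address: str) -> str:
    """What a human reader does by hand: strip the self-documenting suffix."""
    if address.lower().endswith(MUNGE_SUFFIX):
        return address[: -len(MUNGE_SUFFIX)]
    return address


def audit_headers(raw_article: str) -> list:
    """Return (header, address) pairs that still point at a real domain.

    An address such as userNOSPAM@example.net is flagged too: it looks
    munged to a person, but delivery attempts still reach example.net.
    """
    msg = message_from_string(raw_article)
    exposed = []
    for header in ("From", "Reply-To", "Sender"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" in addr and not is_munged(addr):
                exposed.append((header, addr))
    return exposed


# Constructed sample article (headers and addresses are made up).
SAMPLE_ARTICLE = """\
From: Example Angler <anglerNOSPAM@example.net>
Reply-To: angler@example.net.remove.invalid
Newsgroups: example.test
Subject: Re: virus attack

Tight lines.
"""

if __name__ == "__main__":
    for header, addr in audit_headers(SAMPLE_ARTICLE):
        print(f"{header}: {addr} is still deliverable; use {munge(addr)}")
```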

Kevin Vang
September 20th, 2003, 05:14 AM
In article >, says...
> just spent 1 hr, 2 mins, and 56 seconds receiving bull**** on the
> home system......
>
> makes ya rethink yer death penalty stance, eh wayno?
>
> --waldo..... guillotine sounds appropriate for the fukkin
> *******s.....


Only if you file the edge off so it's good and blunt...
and then work your way from the toes up...

Arrr!
Bloody Davey Kidd

Sierra fisher
September 20th, 2003, 05:55 AM
Done, Thanks
"Stan Gula" > wrote in message
...
> "Sierra fisher" > wrote in message
> ...
> > Okay, how do you munge your account?
>
> In Outlook Express 6, Tools/Accounts and pick your news account and go to
> properties. Add '.remove.invalid' (no quotes...) to your email address
> and/or reply address. There are other ways, but the '.invalid' is a good
> thing to use because mail routers know enough to discard those. Using an
> email address with a valid domain name (the stuff after the '@' sign) causes
> extra traffic potentially causing delivery attempts to some domain that
> doesn't want to see your bounced emails. A really bad thing to do is to use
> a real domain name that is not your own.
>
> When you munge your address like that, it's nice if the problem is
> self-documenting or you can optionally add a sig line telling people how to
> fix your address.
>
> Note that some news servers have a policy of requiring a valid
> reply-address. Most do not.
>
> --Stan
>
>



Oldfrat
September 20th, 2003, 08:03 AM
Sure glad to see I'm not the only one getting this at the rate of about
20-30 an hour. Sure sorry I started posting here as I suspect that may be
what is causing it. But, heck, you all seem like nice folks, so I guess it
is worth it. (???)

Totally lost productivity today as they were coming in faster than I could
delete them with the multiple clicks that requires on Norton Anti-virus.
And I had to spend a lot of time on chat with the folks in India who do tech
support for Earthlink.

Here's what I've figured so far in hopes that it might help somebody.

This is the Swen worm. It started on 9/18. It comes in lots of messages,
most of which are so lame that you will immediately recognize it as a
hoax. But one version, complete with graphics, looks an awful lot like a
real message from Microsoft. That one version has turned this into the
fastest spreading virus ever. Google Swen worm and you'll now find a lot of
info on it. (Unlike yesterday!)

All the major AV software makers now have updated patches and fixes for it.
Update your AV definitions immediately and run a check on your machine.

I have yet to find a good way to block it. My best solution to date has
been to subscribe to Earthlink's Web Mail service. This lets me preview my
in box before my Norton AV gets at it, check the boxes of suspicious mail
(most of Swen's have to do with MS), and delete them all at once with one
click.

The SOB who initiated this one deserves to be hanged. I originally thought
by the neck. I'm currently thinking about half way between there and his
ankles - and for a really extended time!






"Mark W. Oots" > wrote in message
om...
>
> "Wayne Harrison" > wrote in message
> ...
> > calling all geeks! i am being nearly overwhelmed by emails from an
> > obviously sham microsoft announcement encouraging the recipient to open an
> > attachment that no doubt contains a virus. the damn things are coming in at
> > the rate of about thirty an hour.
> >
> > where does one go for a stop to this?
> >
> > yfitons
> > wayno
> >
> >
> I'm getting about 20 an hour and all on the account I use for
> Usenet.....somebody opened something....
>
> Mark
>
>

Frank Reid
September 20th, 2003, 12:10 PM
> I tried that for a while, but I kept messing up, and people
> and computers kept complaining that they couldn't get
> through. I've been using email since about 1976 and I
> find it hard to think along the lines of closing access to
> a mailbox.

We're not worthy!
--
Frank Reid
Reverse email to reply

Guyz-N-Flyz
September 20th, 2003, 12:54 PM
"Sierra fisher" > wrote in message
...
> Done, Thanks


> "Stan Gula" > wrote in message

Done as well, mad bad for not doin' this sooner!

Op

Sierra fisher
September 20th, 2003, 03:08 PM
I have been getting the email that looks like an upgrade notice from MS for
at least 6 months. My virus checker told me that it was a virus, so I have
been deleting it unopened. Microsoft also came out with an announcement a
short while ago saying that they did not send upgrades via email. I don't
know if it was a precursor, but something like this has been around for some
time. I think that Swen has been around since before Sept 18. However some
change was made to make it a lot more prevalent.
"Oldfrat" > wrote in message
nk.net...
> Sure glad to see I'm not the only one getting this at the rate of about
> 20-30 an hour. Sure sorry I started posting here as I suspect that may be
> what is causing it. But, heck, you all seem like nice folks, so I guess it
> is worth it. (???)
>
> Totally lost productivity today as they were coming in faster than I could
> delete them with the multiple clicks that requires on Norton Anti-virus.
> And I had to spend a lot of time on chat with the folks in India who do tech
> support for Earthlink.
>
> Here's what I've figured so far in hopes that it might help somebody.
>
> This is the Swen worm. It started on 9/18. It comes in lots of messages,
> most of which are so lame that you will immediately recognize it as a
> hoax. But one version, complete with graphics, looks an awful lot like a
> real message from Microsoft. That one version has turned this into the
> fastest spreading virus ever. Google Swen worm and you'll now find a lot of
> info on it. (Unlike yesterday!)
>
> All the major AV software makers now have updated patches and fixes for it.
> Update your AV definitions immediately and run a check on your machine.
>
> I have yet to find a good way to block it. My best solution to date has
> been to subscribe to Earthlink's Web Mail service. This lets me preview my
> in box before my Norton AV gets at it, check the boxes of suspicious mail
> (most of Swen's have to do with MS), and delete them all at once with one
> click.
>
> The SOB who initiated this one deserves to be hanged. I originally thought
> by the neck. I'm currently thinking about half way between there and his
> ankles - and for a really extended time!
>
>
>
>
>
>
> "Mark W. Oots" > wrote in message
> om...
> >
> > "Wayne Harrison" > wrote in message
> > ...
> > > calling all geeks! i am being nearly overwhelmed by emails from an
> > > obviously sham microsoft announcement encouraging the recipient to open an
> > > attachment that no doubt contains a virus. the damn things are coming in at
> > > the rate of about thirty an hour.
> > >
> > > where does one go for a stop to this?
> > >
> > > yfitons
> > > wayno
> > >
> > >
> > I'm getting about 20 an hour and all on the account I use for
> > Usenet.....somebody opened something....
> >
> > Mark
> >
> >
>
>



Frank Reid
September 20th, 2003, 03:39 PM
> where does one go for a stop to this?
> yfitons
> wayno
If you are a mainstream user, i.e. MS products for most of your system, then
the following might help. If you're a true geek and run linux, solaris or
some of the esoteric in-between OS's, then you probably already know this.
One way to slow these things down is to upgrade your systems with the latest
updates and patches. These worms and viruses exploit vulnerabilities that
have often been discovered and patched months ago. If you don't patch, then
you often become part of the problem. Don't just get the operating system
and browser patches, but try to patch the rest of your system (office suite,
antivirus, firewall, etc.). Secondly, try to work with your ISP. If they
don't and won't filter a lot of these viruses and worms, you may have to go
to another ISP. I have a smaller company than the big cable provider in the
area, but they are very good at pre-screening and blocking worms and
viruses.
Filters: There are a lot of them on the market. Some are integrated with
the email program, some are add-ons. Do some research, find the best one
for your type of environment.
Worms and system protection: Ensure you get a program with a registry
guard. This will stop all changes to your system registry unless you
specifically allow it from the keyboard. With 99% of these worms, in order
to affect your system, they must alter your registry. On my Windows XP box,
I use a program called "The Cleaner" from www.moosoft.com. It's fairly
inexpensive, but is very good at finding and stopping worms.
Firewalls: at least get one of the freebies like Zone Alarm. I use Black
Ice. It requires very little interaction and does not easily become a "fire
sieve."
Anti-virus: Update at the minimum, weekly. I go every two days. If yours
is getting long in the tooth, upgrade to one with one of the newer engines.
Ensure that it integrates with your email program. If it doesn't, it's less
than useless.
Always on cable: turn off your modem when you're not at your system.
Dial-up: Yeh, you know you've got to watch out for email viruses, but don't
worry about the network worm attacks that a firewall prevents. You're not
on that long. Bull****. There are many hacker sites that tell the newbies
to practice on the AOL, Earthlink and other dial-up ISP's 'cause the users
think they're invulnerable.
Anyone have specific problems, they can email me off-line. I work in info
security. I may not know the right answer off the bat, but I can probably
find it for you.

--
Frank Reid, Certified Information Systems Security Professional
And yes, I'm certifiable.
Reverse email to reply

September 20th, 2003, 11:13 PM
On Fri, 19 Sep 2003 03:07:51 GMT, "Wayne Harrison"
> wrote:

>where does one go for a stop to this?

http://www.mandrake-linux.com

Mike S. Medintz >
"if one feels compelled to wear a sweatshirt over one's bikini for an
"after" pic, it's probably not really an after." -Sarah Jane, in m.f.w

Stan Gula
September 21st, 2003, 04:59 PM
"Greg Pavlov" > wrote in message
...
>
> Someone who has read this group daily for the past 2+ days
> is infected, because I tried to create and use two new aliases
> in the past 48 hours and both were compromised within 6 - 8
> hours.
>

Actually it's worse than that. The latest report I read is that the worm
has a list of NNTP servers and it runs through all available newsgroups,
reads all posts within the past few days, and builds a list of email
addresses to send itself to. So, if you post to Usenet at all, with an
unmunged address, some infected computer, somewhere will grab your address
from a post and add you to the list. It's an automated address grabber like
the spammers use, only it keeps on running. It also apparently sends
information back to several servers - maybe it's collecting addresses for
future use. I can't imagine how infected people don't notice the traffic
and overhead of this!

Ernie
September 21st, 2003, 05:55 PM
"rw" > wrote in message
m...
> The only "fix" for me is to go into Earthlink's Webmail and delete the
> messages on the server.

rw,
How does that help? Why don't you doctor your address?
Ernie

rw
September 21st, 2003, 06:12 PM
Stan Gula wrote:
>
> Actually it's worse than that. The latest report I read is that the worm
> has a list of NNTP servers and it runs through all available newsgroups,
> reads all posts within the past few days, and builds a list of email
> addresses to send itself to. So, if you post to Usenet at all, with an
> unmunged address, some infected computer, somewhere will grab your address
> from a post and add you to the list. It's an automated address grabber like
> the spammers use, only it keeps on running. It also apparently sends
> information back to several servers - maybe it's collecting addresses for
> future use. I can't imagine how infected people don't notice the traffic
> and overhead of this!

FWIW, I just talked to Earthlink support. They say there's nothing they
can do about it. I suggested blocking all messages that are 141KB or
142KB. That would work, but they can't "censor" mail. Well, they can
damn well give their customers the wherewithal to censor their own mail
by message size.

The only "fix" for me is to go into Earthlink's Webmail and delete the
messages on the server.

Ernie
September 21st, 2003, 07:00 PM
"rw" wrote in message m...
> Ernie wrote:
> > "rw" wrote in message m...
> >
> >>The only "fix" for me is to go into Earthlink's Webmail and delete the
> >>messages on the server.
> >
> >
> > rw,
> > How does that help?
>
> It helps because I don't have to download hundreds of 141KB emails.
>
Then you might like that Mail Washer program, but I would still doctor my
address.
Ernie

Warren
September 21st, 2003, 07:09 PM
wrote...
> It helps because I don't have to download hundreds of 141KB emails.

Don't you have a feature that allows you to preview the
headers instead of downloading them all first?
--
Warren
(use troutbum_mt (at) yahoo to reply via email)

rw
September 21st, 2003, 07:20 PM
Ernie wrote:
> "rw" wrote in message m...
>
>>The only "fix" for me is to go into Earthlink's Webmail and delete the
>>messages on the server.
>
>
> rw,
> How does that help?

It helps because I don't have to download hundreds of 141KB emails.

walt winter
September 21st, 2003, 08:34 PM
rw wrote:
> Warren wrote:
>
>> wrote...
>>
>>> It helps because I don't have to download hundreds of 141KB emails.
>>
>>
>>
>> Don't you have a feature that allows you to preview the headers
>> instead of downloading them all first?
>
>
> Yeah. That's what Webmail allows me to do: Look at the headers on the
> server and then delete the ones I don't want to download.
>

yup, that's what i've been doing on my two accounts for over 3
hours today. i've been trashing them to the block sender file but
that ain't helping much.

doncha just love earthlink? i can't believe they can't provide
filters for words and/or phrases or at least by file size.

--walt the ****ed

Guyz-N-Flyz
September 21st, 2003, 09:23 PM
"walt winter" wrote in message ...
> yup, that's what i've been doing on my two accounts for over 3
> hours today. i've been trashing them to the block sender file but
> that ain't helping much.
>
> doncha just love earthlink? i can't believe they can't provide
> filters for words and/or phrases or at least by file size.
>
> --walt the ****ed

Block sender can't touch this ****. Hell, ya can't even tell it to block or
not download from server. It's not just Earthlinky either. BS (bellsouth)
says the same thing as Earthlinky. Microsoft is the one who should be doin'
somethin' about this, it is their software bein' attacked after all!

Went fishin' with my brother on Lower, Inner, Upper, Outter Creek today. He
ain't too skilled with a rod, but he did catch the first trout brought to
hand--9" brown.

Op

rw
September 21st, 2003, 09:23 PM
Warren wrote:
> wrote...
>
>>It helps because I don't have to download hundreds of 141KB emails.
>
>
> Don't you have a feature that allows you to preview the
> headers instead of downloading them all first?

Yeah. That's what Webmail allows me to do: Look at the headers on the
server and then delete the ones I don't want to download.
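
Added example, not part of any post in this thread: the header-preview and size-filter idea discussed above (messages shown as 141KB or 142KB), done over POP3 with only LIST and TOP so no message body is downloaded. The 1024-byte KB, the function names and the FakeMailbox sample data are assumptions constructed for illustration; `conn` follows the interface of Python's `poplib.POP3`.

```python
from email.parser import BytesParser

KB = 1024                        # assumption: the webmail's "KB" means 1024 bytes
LOW, HIGH = 141 * KB, 143 * KB   # sizes that would display as 141KB or 142KB

def candidates(conn, low=LOW, high=HIGH):
    """Return [(num, size, from, subject)] for messages inside the size band."""
    hits = []
    _, listing, _ = conn.list()                  # LIST: b"<num> <octets>" per message
    for entry in listing:
        num, size = (int(x) for x in entry.split())
        if low <= size < high:
            _, header_lines, _ = conn.top(num, 0)    # TOP n 0: headers only
            msg = BytesParser().parsebytes(b"\r\n".join(header_lines), headersonly=True)
            hits.append((num, size, msg.get("From", ""), msg.get("Subject", "")))
    return hits

def purge(conn, keep=()):
    """Mark band-sized messages for deletion, except numbers the user listed in keep."""
    deleted = []
    for num, *_ in candidates(conn):
        if num not in keep:      # size alone also matches legitimate mail
            conn.dele(num)
            deleted.append(num)
    return deleted

class FakeMailbox:
    """Constructed stand-in for poplib.POP3 so the example runs offline."""
    def __init__(self, messages):
        self.messages = messages     # {num: (size, from, subject)}
        self.deleted = set()
    def list(self):
        lines = [b"%d %d" % (n, m[0]) for n, m in self.messages.items()]
        return b"+OK", lines, 0
    def top(self, num, howmuch):
        _, sender, subject = self.messages[num]
        return b"+OK", [b"From: " + sender, b"Subject: " + subject, b""], 0
    def dele(self, num):
        self.deleted.add(num)
        return b"+OK"

SAMPLE = {  # constructed sample mailbox, sizes in bytes
    1: (3_200, b"friend@example.org", b"fishing saturday?"),
    2: (144_896, b"bulk@example.net", b"security pack"),
    3: (145_610, b"client@example.com", b"scanned contract"),
    4: (152_000, b"list@example.org", b"photos"),
}
```

Reviewing the output of `candidates()` before calling `purge()` is the step that catches a legitimate attachment of the same size, such as message 3 in the sample. Against a real `poplib.POP3` connection the deletions only take effect when the session ends with `quit()`.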

rw
September 21st, 2003, 10:41 PM
Guyz-N-Flyz wrote:
>
> Microsoft is the one who should be doin'
> somethin' about this, it is their software bein' attacked after all!

Amen.

This **** started happening months ago. As I understand it about this
Swen Worm, Microsoft software is so insecure that merely LOOKING at one
of these trojan horses can get you infected. They (MS) should have acted
sooner and more effectively.

Someone asked me today why Microsoft software is so insecure. It's
complicated:

-- Code bloat from inheriting and supporting ancient software (e.g., DOS).

-- A lazy, greedy, commercial tendency to create a "feature rich"
environment, where all Microsoft products can interact "seamlessly" (Hah,
hah!), to the detriment of their competitors' software. These "features"
are often security bugs.

-- Monopoly.

-- And, related to the above bullet, lots of people (including me) hate
Microsoft. (I didn't have anything to do with the Swen Worm.)

-- Add your own reason here.

Oldfrat
September 22nd, 2003, 12:59 AM
Hey, RW, I also spent a lot of time with Earthlink tech support.

Swens were coming in at such a rate that, by the time I had gone through all
of the clicks and keystrokes Norton Anti-Virus requires to delete the damn
things, there were more of them needing NAV clicks and keystrokes.

I activated my Earthlink Web Mail service. Web Mail at least lets me delete
them before NAV sees them so the number of clicks is greatly reduced.

I've even gone to the trouble of manually entering all of my Outlook Express
address book into Web mail so that I could set Spam Blocker at its highest
power. Now why the heck doesn't Earthlink have a way to import address
books into Web Mail???!

More importantly, why doesn't Spam Blocker automatically pick up 99.9% of
these instead of 0.1%? At this point I can clearly see which ones are virus
laden spam. Why the heck can't they??

Have you noticed how fast these Swens fill up your 10MB of mail storage?

Thank heavens Swen doesn't have my business e-mail address or I'd be losing
potential new clients left and right if I left for a day or so and didn't
check my mail.

May the pimply, onanistic, teen Geek who spawned Swen spend eternity hanging
by his cojones over a slow fire in Hell!

I
"rw" wrote in message m...
> Stan Gula wrote:
> >
> > Actually it's worse than that. The latest report I read is that the worm
> > has a list of NNTP servers and it runs through all available newsgroups,
> > reads all posts within the past few days, and builds a list of email
> > addresses to send itself to. So, if you post to Usenet at all, with an
> > unmunged address, some infected computer, somewhere will grab your address
> > from a post and add you to the list. It's an automated address grabber like
> > the spammers use, only it keeps on running. It also apparently sends
> > information back to several servers - maybe it's collecting addresses for
> > future use. I can't imagine how infected people don't notice the traffic
> > and overhead of this!
>
> FWIW, I just talked to Earthlink support. They say there's nothing they
> can do about it. I suggested blocking all messages that are 141KB or
> 142KB. That would work, but they can't "censor" mail. Well, they can
> damn well give their customers the wherewithal to censor their own mail
> by message size.
>
> The only "fix" for me is to go into Earthlink's Webmail and delete the
> messages on the server.
>

rw
September 22nd, 2003, 03:32 AM
Oldfrat wrote:
>
> Have you noticed how fast these Swens fill up your 10MB of mail storage?

Lately, the only emails I've been getting are from Earthlink, telling me
I've filled my 10MB quota. It's so lonely here. :-)

Warren
September 22nd, 2003, 01:18 PM
wrote...
> Amen.
>
> This **** started happening months ago. As I understand it about this
> Swen Worm, Microsoft software is so insecure that merely LOOKING at one
> of these trojan horses can get you infected. They (MS) should have acted
> sooner and more effectively.
>
> Someone asked me today why Microsoft software is so insecure. It's
> complicated:
>
> -- Code bloat from inheriting and supporting ancient software (e.g., DOS).
>
> -- A lazy, greedy, commercial tendency to create a "feature rich"
> environment, where all Microsoft products can interact "seamlessly" (Hah,
> hah!), to the detriment of their competitors' software. These "features"
> are often security bugs.
>
> -- Monopoly.
>
> -- And, related to the above bullet, lots of people (including me) hate
> Microsoft. (I didn't have anything to do with the Swen Worm.)
>
> -- Add your own reason here.

Well I dunno. I sure the hell ain't the one having the
problem. <g> Remember saying how "secure" your crapple was
because nobody bothered screwing with them? Well? A properly
prepared machine won't be touched by this **** and I am safe.
Perhaps it is time that you looked into munging your email,
install an AV program, get a good firewall and just sit back
and relax. For once I am *totally* covered and your ass is on
the grill. **** crapples! <bseg>

My biggest complaint about this latest virus is that I had to
empty my bulk mail folder once *one* of my AV programs
identified this as a virus. Ain't life a bitch? <g>
--
Warren
(use troutbum_mt (at) yahoo to reply via email)

rw
September 22nd, 2003, 03:57 PM
Warren wrote:
>
> Well I dunno. I sure the hell ain't the one having the
> problem. <g>

I should hope not, after getting infected with a virus so badly that you
not only lost all your Rock Creek photos, but ended up buying a new
computer.

> Remember saying how "secure" your crapple was
> because nobody bothered screwing with them? Well?

It has nothing to do with the kind of computer I use. My computer hasn't
been infected. The problem is that people running Windows have been
infected and now their computers are spewing garbage all over the net.
It's even worse than Wolfgang's posts. :-)