virus attack

Done, Thanks
"Stan Gula" wrote in message
...
"Sierra fisher" wrote in message
...
Okay, how do you munge your account?

In Outlook Express 6, Tools/Accounts and pick your news account and go to
properties. Add ".remove.invalid' (no quotes...) to your email address
and/or reply address. There are other ways, but the '.invalid' is a good
thing to use because mail routers know enough to discard those. Using an
email address with a valid domain name (the stuff after the '@' sign)
causes
extra traffic potentially causing delivery attempts to some domain that
doesn't want to see your bounced emails. A really bad thing to do is to
use
a real domain name that is not your own.

When you munge your address like that, it's nice it the problem is
self-documenting or you can optionally add a sig line telling people how
to
fix your address.

Note that some news servers have a policy of requiring a valid
reply-address. Most do not.

--Stan




---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.520 / Virus Database: 318 - Release Date: 9/18/2003

Sure glad to see I'm not the only one getting this at the rate of about
20-30 an hour. Sure sorry I started posting here as I suspect that may be
what is causing it. But, heck, you all seem like nice folks, so I guess it
is worth it. (???)

Totally lost productivity today as they were coming in faster than I could
delete them with the multiple clicks that requires on Norton Anti-virus.
And I had to spend a lot of time on chat with the folks in India who do tech
support for Earthlink.

Here's what I've figured so far in hopes that it might help somebody.

This is the Swen worm. It started on 9/18. It comes in lots of messages,
most of which are so lame that you will immediately recognize it as a
hoax. But one version, complete with graphics, looks an awful lot like a
real message from Microsoft. That one version has turned this into the
fastest spreading virus ever. Google Swen worm and you'll now find a lot of
info on it. (Unlike yesterday!)

All the major AV software makers now have updated patches and fixes for it.
Update your AV definitions immediately and run a check on your machine.

I have yet to find a good way to block it. My best solution to date has
been to subscribe to Earthlink's Web Mail service. This lets me preview my
in box before my Norton AV gets at it, check the boxes of suspicious mail
(most of Swen's have to do with MS), and delete them all at once with one
click.

The SOB who initiated this one deserves to be hanged. I originally thought
by the neck. I'm currently thinking about half way between there and his
ankles - and for a really extended time!






"Mark W. Oots" wrote in message
om...

"Wayne Harrison" wrote in message
...
calling all geeks! i am being nearly overwhelmed by emails from an
obviously sham microsoft announcement encouraging the recipient to open
an
attachment that no doubt contains a virus. the damn things are coming
in
at
the rate of about thirty an hour.

where does one go for a stop to this?

yfitons
wayno


I'm getting about 20 an hour and all on the account I use for
Usenet.....somebody opened something....

Mark

I tried that for a while, but I kept messing up, and people
and computers kept complaining that they couldn't get
through. I've been using email since about 1976 and I
find it hard to think along the lines of closing access to
a mailbox.

We're not worthy!
--
Frank Reid
Reverse email to reply

"Sierra fisher" wrote in message
...
Done, Thanks


"Stan Gula" wrote in message

Done as well, mad bad for not doin' this sooner!

Op

I have been getting the email that looks like an upgrade notice from MS for
at least 6 months. My virus checker told me that it was a virus, so I have
been deleting it unopened. Microsoft also came out with an announcement a
short while ago saying that they did not send upgrades via email. I don't
know if it was a precursor, but something like this has been around for some
time. I think that Swen has been around since before Sept 18. However some
change was made to make it a lotmore prevalent
"Oldfrat" wrote in message
nk.net...
Sure glad to see I'm not the only one getting this at the rate of about
20-30 an hour. Sure sorry I started posting here as I suspect that may be
what is causing it. But, heck, you all seem like nice folks, so I guess
it
is worth it. (???)

Totally lost productivity today as they were coming in faster than I could
delete them with the multiple clicks that requires on Norton Anti-virus.
And I had to spend a lot of time on chat with the folks in India who do
tech
support for Earthlink.

Here's what I've figured so far in hopes that it might help somebody.

This is the Swen worm. It started on 9/18. It comes in lots of messages,
most of which are so lame that you will immediately recognize it as a
hoax. But one version, complete with graphics, looks an awful lot like a
real message from Microsoft. That one version has turned this into the
fastest spreading virus ever. Google Swen worm and you'll now find a lot
of
info on it. (Unlike yesterday!)

All the major AV software makers now have updated patches and fixes for
it.
Update your AV definitions immediately and run a check on your machine.

I have yet to find a good way to block it. My best solution to date has
been to subscribe to Earthlink's Web Mail service. This lets me preview
my
in box before my Norton AV gets at it, check the boxes of suspicious mail
(most of Swen's have to do with MS), and delete them all at once with one
click.

The SOB who initiated this one deserves to be hanged. I originally
thought
by the neck. I'm currently thinking about half way between there and his
ankles - and for a really extended time!






"Mark W. Oots" wrote in message
om...

"Wayne Harrison" wrote in message
...
calling all geeks! i am being nearly overwhelmed by emails from an
obviously sham microsoft announcement encouraging the recipient to
open
an
attachment that no doubt contains a virus. the damn things are coming
in
at
the rate of about thirty an hour.

where does one go for a stop to this?

yfitons
wayno


I'm getting about 20 an hour and all on the account I use for
Usenet.....somebody opened something....

Mark






---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.520 / Virus Database: 318 - Release Date: 9/19/2003

where does one go for a stop to this?
yfitons
wayno
If you are a mainstream user, i.e. MS products for most of your system, then
the following might help. If you're a true geek and run linux, solaris or
some of the esoteric in-between OS's, then you probably already know this.
One way to slow these things down is to upgrade your systems with the latest
updates and patches. These worms and viruses exploit vulnerabilities that
have often been discovered and patched months ago. If you don't patch, then
you often become part of the problem. Don't just get the operating system
and browser patches, but try to patch the rest of your system (office suite,
antivirus, firewall, etc.). Secondly, try to work with your ISP. If they
don't and won't filter a lot of these viruses and worms, you may have to go
to another ISP. I have a smaller company than the big cable provider in the
area, but they are very good at pre-screening and blocking worms and
viruses.
Filters: There are a lot of them on the market. Some are integrated with
the email program, some are add-ons. Do some research, find the best one
for your type of environment.
Worms and system protection: Ensure you get a program with a registry
guard. This will stop all changes to your system registry unless you
specifically allow it from the keyboard. With 99% of these worms, in order
to affect your system, they must alter your registry. On my Windows XP box,
I use a program called "The Cleaner" from www.moosoft.com. It's fairly
inexpensive, but is very good at finding and stopping worms.
Firewalls: at least get one of the freebies like Zone Alarm. I use Black
Ice. It requires very little interaction and does not easily become a "fire
sieve."
Anti-virus: Update at the minimum, weekly. I go every two days. If yours
is getting long in the tooth, upgrade to one with one of the newer engines.
Ensure that it integrates with your email program. If it doesn't, its less
than useless.
Always on cable: turn off your modem when you're not at your system.
Dial-up: Yeh, you know you've got to watch out for email viruses, but don't
worry about the network worm attacks that a firewall prevents. You're not
on that long. Bull****. There are many hacker sites that tell the newbies
to practice on the AOL, Earthlink and other dial-up ISP's 'cause the users
think they're invulnerable.
Anyone have specific problems, they can email me off-line. I work in info
security. I may not know the right answer off the bat, but I can probably
find it for you.

--
Frank Reid, Certified Information Systems Security Professional
And yes, I'm certifiable.
Reverse email to reply

On Fri, 19 Sep 2003 03:07:51 GMT, "Wayne Harrison"
wrote:

where does one go for a stop to this?

http://www.mandrake-linux.com

Mike S. Medintz
"if one feels compelled to wear a sweatshirt over one's bikini for an
"after" pic, it's probably not really an after." -Sarah Jane, in m.f.w

"Greg Pavlov" wrote in message
...

Someone who has read this group daily for the past 2+ days
is infected, because I tried to create and use two new aliases
in the past 48 hours and both were compromised within 6 - 8
hours.


Actually it's worse than that. The latest report I read is that the worm
has a list of NNTP servers and it runs through all available newsgroups,
reads all posts within the past few days, and builds a list of email
addresses to send itself to. So, if you post to Usenet at all, with an
unmunged address, some infected computer, somewhere will grab your address
from a post and add you to the list. It's an automated address grabber like
the spammers use, only it keep on running. It also apparently sends
information back to several servers - maybe it's collecting addresses for
future use. I can't imagine how infected people don't notice the traffic
and overhead of this!

"rw" wrote in message
m...
The only "fix" for me is to go into Earthlink's Webmail and delete the
messages on the server.

rw,
How does that help? Why don't you doctor your address?
Ernie

Stan Gula wrote:

Actually it's worse than that. The latest report I read is that the worm
has a list of NNTP servers and it runs through all available newsgroups,
reads all posts within the past few days, and builds a list of email
addresses to send itself to. So, if you post to Usenet at all, with an
unmunged address, some infected computer, somewhere will grab your address
from a post and add you to the list. It's an automated address grabber like
the spammers use, only it keep on running. It also apparently sends
information back to several servers - maybe it's collecting addresses for
future use. I can't imagine how infected people don't notice the traffic
and overhead of this!

FWIW, I just talked to Earthlink support. They say there's nothing they
can do about it. I suggested blocking all messages that are 141KB or
142KB. That would work, but they can't "censor" mail. Well, they can
damn well give their customers the wherewithall to censor their own mail
by message size.

The only "fix" for me is to go into Earthlink's Webmail and delete the
messages on the server.