Note on Swen from a newbie victim

From: Charles Packer (mailbox_at_cpacker.org)
Date: 09/27/03


Date: 27 Sep 2003 06:10:00 -0700

I'm new to virus attacks, and my take on them is somewhat different,
because I don't use Windows and because e-mail isn't so important
to me. The current blitz from Swen has piqued my curiosity more than
fueled a rage.

I use Linux and read my e-mail from a Web-based service maintained
by my Web-hosting site, so my machine won't be infected by the
currently fashionable vehicles. But the Swen worm running elsewhere
has found my e-mail address, almost certainly from my Usenet postings.
I've had to abandon that address, I hope temporarily. I phoned the
two relatives with whom I correspond regularly and told them not to
send me e-mail for the time being, as I'm now deleting the mail file
from my Web-hosting service daily via ftp. The worm-sent messages
use up my free disk space there in a short time.

However, closing that mailbox and opening a private one will be
the option of last resort after I've learned everything I can
from the attack.

Does the worm run continuously on an infected machine and send
repeatedly to its targets? The writeup at F-Secure,

http://www.f-secure.com/v-descs/swen.shtml

doesn't say. I'm wondering if I'm the target of one or a few
machines hitting me repeatedly or simply being bombarded from
everywhere randomly. Will the arrival times of the messages or
other aspects of the headers provide any clues? If it's random,
I guess I should see an exponential decline in traffic over time
as infected machines net-wide are cleaned up.
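
An added example, not part of the original post: one way to check the headers and arrival times the post asks about is to tally the topmost Received header of each message (the one stamped by the recipient's own mail server) by connecting IP and by day. The host names, IPs and messages below are constructed; the connecting IP may be an ISP relay rather than the infected machine itself.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parsedate_to_datetime

def _msg(ip, date):
    # Build one constructed message; hosts and IPs are documentation values.
    return (f"Received: from h (h [{ip}]) by mx.example.org;\n\t{date}\n"
            "Subject: sample\n\nbody\n")

# Constructed sample mailbox, not real traffic.
SAMPLE = [
    _msg("192.0.2.10", "Thu, 25 Sep 2003 08:00:00 -0700"),
    _msg("192.0.2.10", "Thu, 25 Sep 2003 08:05:00 -0700"),
    _msg("192.0.2.10", "Thu, 25 Sep 2003 09:30:00 -0700"),
    _msg("198.51.100.7", "Fri, 26 Sep 2003 11:00:00 -0700"),
    _msg("203.0.113.5", "Sat, 27 Sep 2003 06:10:00 -0700"),
    "Subject: no trace headers\n\nbody\n",
]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hop(raw):
    """Return (connecting_ip, arrival_time) from the topmost Received header."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    top = " ".join(received[0].split())          # unfold continuation lines
    match = IP_RE.search(top)
    if not match or ";" not in top:
        return None
    try:
        when = parsedate_to_datetime(top.rsplit(";", 1)[1].strip())
    except (TypeError, ValueError):              # unparseable timestamp
        return None
    return match.group(1), when

def summarize(messages):
    """Count distinct sources, the busiest source's share, and daily volume."""
    hops = [h for h in map(hop, messages) if h]
    by_ip = Counter(ip for ip, _ in hops)
    by_day = Counter(when.date().isoformat() for _, when in hops)
    top_ip, top_n = (by_ip.most_common(1)[0] if by_ip else (None, 0))
    return {"sources": len(by_ip), "top_ip": top_ip,
            "top_share": top_n / len(hops) if hops else 0.0,
            "per_day": dict(sorted(by_day.items()))}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A high top_share with few sources points to a handful of machines sending repeatedly; many sources with small shares points to scattered senders, and per_day shows whether the volume is declining.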


