Re: Note on Swen from a newbie victim

• Previous message: Tony: "Permissions"
• In reply to: Charles Packer: "Note on Swen from a newbie victim"
• Next in thread: Charles Packer: "Re: Note on Swen from a newbie victim"
• Reply: Charles Packer: "Re: Note on Swen from a newbie victim"
• Reply: Dave: "Re: Note on Swen from a newbie victim"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 27 Sep 2003 14:58:47 GMT

On 27 Sep 2003 06:10:00 -0700, Charles Packer wrote:
> I'm new to virus attacks, and my take on them is somewhat different,
> because I don't use Windows and because e-mail isn't so important
> to me. The current blitz from Swen has piqued my curiosity more than
> fueled a rage.
>
> I use Linux and read my e-mail from a Web-based service maintained
> my by Web-hosting site, so my machine won't be infected by the
> currently fashionable vehicles. But the Swen worm running elsewhere
> has found my e-mail address, almost certainly from my Usenet postings.
> I've had to abandon that address, I hope temporarily.

I have yet to receive one on 6 email address.

> I phoned the
> two relatives with whom I correspond regularly and told them not to
> send me e-mail for the time being, as I'm now deleting the mail file
> from my Web-hosting service daily via ftp. The worm-sent messages
> use up my free disk space there in a short time.

I never post my email on usenet.
Email name contains numbers and/or underscores.
I never pick an email found with a search engine.

I tell everyone I give an email address to, "Do not put my email
address in their email address book, write it down or put in a file".
Viruses read those email address book files.

Do not give my email address to anyone, email me who wants it and I
will send it with the rules.

Do not use my email address anywhere unless you are sending me an
email, no joke, gretting card, mail to someone, web page.

I give trash email addresses to ebusinesses.

Check if your ISP account/profile to see if there is a check box about sharing
your info amoung their business partners.

> However, closing that mailbox and opening a private one will be
> the option of last resort after I've learned everything I can
> from the attack.
>
> Does the worm run continuously on an infected machine and send
> repeatedly to its targets?

Does it matter, we are still getting stuff from code red attempts and
old viruses.

Look on http://www.dshield.org/ click other in the map and you will see
SubSeven running 6'th place.

Can you imagine what will happen Christmas Day with the new computer
as presents. :(

New people/mschines comming on line will probably be infected
before they get through loading patches and rebooting systems.

• Previous message: Tony: "Permissions"
• In reply to: Charles Packer: "Note on Swen from a newbie victim"
• Next in thread: Charles Packer: "Re: Note on Swen from a newbie victim"
• Reply: Charles Packer: "Re: Note on Swen from a newbie victim"
• Reply: Dave: "Re: Note on Swen from a newbie victim"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]