Re: Swen Virus
From: N. Miller (koko_at_soko.invalid)
Date: 09/26/03
- Next message: N. Miller: "Re: Swen Virus"
- Previous message: Phil Weldon: "Re: Another Swen post, Please don't execute !"
- In reply to: Paul Sweeney: "Swen Virus"
- Next in thread: Paul Sweeney: "Re: Swen Virus"
- Reply: Paul Sweeney: "Re: Swen Virus"
- Reply: Phil Weldon: "Re: Swen Virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 26 Sep 2003 13:23:35 -0700
In article <0e3601c383d7$2794db20$a401280a@phx.gbl>, pauljs1@optonline.net
says...
> ...my question is if
> there is any kind of resource available to help me track
> down where these are coming from??? I can get the header
> info, but it's tough to follow. The problem is serious
> because my ISP provider uses web mail and I download it
> via Outlook 2002, but my web inbox is getting about 180
> of these every single day!
Your problem stems from having used a working address to post to a public
news group. I have known, since three years ago, that spammers harvest NNTP
posted email addresses in the "From:" line of posts. Now along comes Swen,
which even grabs email addresses from the "Reply-To:" line of posts. Nothing
much that you can do about it now, unless you wish to change your address.
Actually, chasing the offender may be both easy, and hard. Check the
"Return-Path:" email address in your headers against the "Received:" line
which records the receipt of the message by your provider. Every Swen email
I have checked matches; with Klez, they never matched. If the domain name in
the email address is consistent with the sending server, try sending an
email to that address.
But, this is where the "hard" comes in. Every message that I have sent has
bounced off of a full account. I still can't confirm that the "Return-Path:"
address is the actual source of Swen. I am guessing that the address was
used in an NNTP post by the owner, that he is getting swamped, as you are,
and that he almost certainly was suckered in by the forgery, and infected
himself; and is probably blithely unaware that he is infected. Or the
address was forged, and the poor sap is getting bounces back to his address
from automated systems that don't care if it is a forgery.
I have only sent three manual requests for confirmation from the account
owner; all have bounced off of full mailboxes, and I am reluctant to send a
response to any more, lest I be contributing to the problems of the account
owners.
-- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint
- Next message: N. Miller: "Re: Swen Virus"
- Previous message: Phil Weldon: "Re: Another Swen post, Please don't execute !"
- In reply to: Paul Sweeney: "Swen Virus"
- Next in thread: Paul Sweeney: "Re: Swen Virus"
- Reply: Paul Sweeney: "Re: Swen Virus"
- Reply: Phil Weldon: "Re: Swen Virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
