Re: swen and direct nntp-harvesting
From: Pam (pfloresnospamatcharterdotnet)
Date: 10/11/03
- Next message: Me2: "Re: A 6% fix from Microsoft Security Bulletin MS03-040 - 828750"
- Previous message: J9: "W32.Swen.A@mm"
- In reply to: Bill Sanderson: "Re: swen and direct nntp-harvesting"
- Next in thread: Larry Samuels MS-MVP XP \(Shell/User\): "Re: swen and direct nntp-harvesting"
- Reply: Larry Samuels MS-MVP XP \(Shell/User\): "Re: swen and direct nntp-harvesting"
Date: Fri, 10 Oct 2003 15:45:45 -0700
Larry: All this time I thought that munging was enough, and it wasn't
necessary to include specific words to prevent the worm from fetching your
address. Do you think this is why I still get swen mail? I don't know
anyone who has this worm, and has my email address on their computer, and I
don't have this worm, so does that explain why the mail has increased, my
munging is insufficient??? I did post my real email add once, so I thought
it was all coming from that. However, the swen mail stopped completely
several times, then got much worse last Sunday, for some reason. Where have
you been during all this munging discussion ;-)) Thanks for the info...
~Pam
"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:OZfUHs3jDHA.2416@TK2MSFTNGP10.phx.gbl...
> My munge doesn't include anything I would expect to be in an exception key,
> and it has worked fine.
>
> "N. Miller" <koko@soko.invalid> wrote in message
> news:MPG.19f0bbcef04b30019897ec@msnews.microsoft.com...
> In article <eqhVkz1jDHA.1948@TK2MSFTNGP12.phx.gbl>, lista-nospam@nakawe.se
> says...
> > Well, I "munged" my address 3 days ago. Since I have my own domain and a
> > catchall spam-account where all not otherwise delivered email is
> > forwarded to I would have expected to see some SWEN-emails by now. Alas
> > 'inte ett endaste jävla swen-virus ebrev så långt ögat ser'... For you
> > non-swedish speakers (can't believe there are any of course ;)), not 1
> > single swen-email has arrived in my crap-box...
> >
> > Not having analyzed the virus, I will not say that the virus does not
> > have an NNTP engine as well as an SMTP one but... if it does harvest
> > automatically by an NNTP-engine then I would have expected to have
> > received at least 2???
>
> Every email address I had vulnerable to the Swen messages is getting hit,
> except for two; each, like your new munge, incorporates the word "spam" in
> it. The older one was accidental, in a way; I set it up as a spam reporting
> account, and called it, "antispam". The other, newer one, I set up for use
> here after testing with a different username failed. I aliased
> "2003ms09@localdomain.invalid" to a local account. I have since unaliased
> it, but the hits keep coming. They are rejected with "550 Address
> <2003ms09@localdomain.invalid> not known".
>
> Hmmm. I wonder if "Swen.B" will change things...assuming the author left
> those exceptions to avoid infecting himself, if he does make a change, he
> may leave a different exception word to key on.
>
> --
> Norman
> ~Win dain a lotica, En vai tu ri, Si lo ta
> ~Fin dein a loluca, En dragu a sei lain
> ~Vi fa-ru les shutai am, En riga-lint
>
>