Re: Email Worm
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/09/03
- Next message: David H. Lipman: "Re: Strange malicious script/spyware dropper/virus DOService"
- Previous message: AJM: "trojan.spy.wesbar"
- In reply to: S.M.G.: "Email Worm"
- Next in thread: Veronica Loell: "Re: Email Worm"
- Reply: Veronica Loell: "Re: Email Worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 9 Dec 2003 06:35:46 -0500
It is the Dumaru worm. http://vil.nai.com/vil/content/v_100560.htm
There are several Internet worms masquerading as Microsoft patches. The most common are;
Swen, Dumaru, Gibe and Torvil. There are also viruses that masquerade as Symantec patches
and as something related to PayPal.
The Swen is the most prevalent and is News spelled backwards. The reason it has this name
is because this worm has its own engine to post itself to UseNet News Groups as well as
harvest email addresses found in UseNet posts. When the Swen worm harvests email addresses
from
UseNet it uses its own engine to send itself via email to the harvested email addresses.
All you can do is...
1. Keep your AV package up-to-date
2. Create email "rules" to auto-delete the offending messages
3. Petition your ISP to install AV software on their respective email servers.
4. Change your email address
5. Install *all* Critical Updates via the Windows Update web site.
Dave
"S.M.G." <anonymous@discussions.microsoft.com> wrote in message
news:0ce001c3be43$927a9820$a301280a@phx.gbl...
| I tried unsuccessfully to report this via feedback from
| Hotail Home.
|
| This is not a complaint; I want to REPORT A BAD EMAIL I
| received in my inbox:
|
| From : Microsoft <security@microsoft.com>
| Sent : Monday, December 8, 2003 8:48 PM
| To : <smgresko@hotmail.com>
| Subject : Use this patch immediately !
|
| | | Inbox
|
| Hotmail has permanently blocked the following potentially
| unsafe attachment(s): patch.exe (13 KB) More Info...
|
| Dear friend , use this Internet Explorer patch now!
| There are dangerous virus in the Internet now!
| More than 500.000 already infected!
|
| I copied and pasted it here; I am not sure who to report
| this to, but decided to do this now.
|
| Hotmail did permanently block the attachment, so this is
| probably unnecessary; I figured it couldn't hurt anything
| to send notification anyway. There are MANY users who
| would (try) open this: I am aware enough to know
| better.
- Next message: David H. Lipman: "Re: Strange malicious script/spyware dropper/virus DOService"
- Previous message: AJM: "trojan.spy.wesbar"
- In reply to: S.M.G.: "Email Worm"
- Next in thread: Veronica Loell: "Re: Email Worm"
- Reply: Veronica Loell: "Re: Email Worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
