Re: Swen in email headers?

From: Phil Weldon (notdisclosed_at_example.com)
Date: 02/20/04 

Date: Fri, 20 Feb 2004 19:13:59 GMT

The swen infective package is an attachment about 140 KBytes long (though
there is a version out there that compresses the attachment to less than 100
KBytes.) There is an exploit in the header that can make use of a security
problem (unchecked buffer) in some unpatched versions of Internet Explorer
to open the attachment automatically, but that is not the infective package,
probably is not unique to swen, and does not contain the virus signature
that most antivirus programs check. Maybe Trend Micro Internet Security
does look for the exploit. Why don't you ask them?

Outlook downloads the entire message, it just does not display the message
until you either open the message or have the preview pane activated.
Mailwasher obviously downloads more than just the headers, otherwise the
filters would not have enough information to block some messages. Why don't
you check how many lines your Mailwasher filters are set to download? 

-- 
Phil Weldon, pweldonatmindjumpdotcom
For communication,
replace "at" with the 'at sign'
replace "mindjump" with "mindspring."
replace "dot" with "."
"ah" <anonymous@discussions.microsoft.com> wrote in message
news:eyT0Ly99DHA.1816@TK2MSFTNGP12.phx.gbl...
> This morning, as soon as I downloaded my message headers in Mailwasher, I
> had a warning from Trend Micro Internet Security saying that WORM_SWEN.A
had
> been intercepted.
>
>
>
> I do not download directly my email into my laptop.  I use Mailwasher to
> download the headers (and this software offers the possibility to read the
> first lines of the messages so I suppose that it downloads the text).  I
> also only download the headers with Outlook 2003 and decide or not to
> download the message if it looks safe.
>
>
>
> How can this happen as I did not even preview any of the messages?
> -- 
> ah
> ahaye@nospam.net
> To contact me replace nospam by fsmail
>
>

Relevant Pages

  • Re: Xnews out of memory problem
    ... Xnews out of memory problem ... I'm faced with a new woe: due to the large amount of headers ... that I need to download (which sometimes number over 10 ... but it seems to me that Xnews makes ...
    (news.software.readers)
  • Re: Problem Updating New Messages from NTTP News Server OE
    ... > as far as I know and he doesn't have a server in his setup. ... download the answer to a problem he had posted in the Outlook group and I had seen the answer almost immediately on July 1. ... sure how taking the check out of the download headers boxes would have helped. ... pane 3) Get headers at a time 4) No check in mark all messages as read when exiting newsgroup ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Server Side filtering (as pertains to Google Groups)
    ... headers are included in the overview headers, ... don't need a proxy to filter on that header). ... The effect is to retrieve bodies only for articles whose headers have ... the user can choose to download it or not. ...
    (news.software.readers)
  • Re: OT Agent 3.2 released
    ... that costs 15 bucks and downloads only headers and a few lines ... I did use Mailwasher for a while, until I figured out that it wasn't saving ... messages you want to download. ... Filtering is a different matter. ...
    (rec.outdoors.rv-travel)
  • Re: new to ng
    ... > dialog box asking if you want the macro to run, ... downloads email headers ... I don't download any email in Outlook Express ... > first checked out with Magic Mail Monitor, ...
    (microsoft.public.windowsxp.general)