Re: Sorry OT post meant for Phil Weldon not Bruce

From: Pam (phfloresatverizondotnet)
Date: 09/17/05


Date: Fri, 16 Sep 2005 19:43:06 -0700


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:OH$Gv4vuFHA.3124@TK2MSFTNGP12.phx.gbl...
> From: "Phil Weldon" <notdiscosed@example.com>
>
>
> | _____
> |
> | Certainly 'Swen' is not off topic in this newsgroup. An oldie, but real
> | baddie.
> |
> | Note: 'Swen' was a worm that was released in September 2003 that, among
> | other things, harvested email addresses from posts to Usenet Newsgroups
> | directly from Usenet newsgroup servers, then used these as 'to' and
> spoofed
> | 'from' addresses. The infective package was just over 100 KBytes. It
> | caused no damage other than clogging the internet, slowing down infected
> | systems, and blocking legitimate email when the flow was sufficient to
> fill
> | email boxes ( 100 'Swen' mail filled a 10 MByte mailbox.) It could have
> | been a lot worse, and, I think, was a wake-up call to ISPs, causing them
> to
> | accelerate plans to scan email for infections.
> |
>
> < snip >
>
> Just to add to the above...
>
> Not only will Swen use its own engine to email itself to harvested email
> addresses but it
> has a list of UseNet News Group and will use its own engine to post itself
> as "patches" to
> the selected UseNet News Groups.
>
> In addition is presumed that Swen is called "swen" becuase it is "news"
> spelled backwards.
>
> W32/Swen@MM - http://vil.nai.com/vil/content/v_100662.htm
>
> W32.Swen.A@mm -
> http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

Dave: Thanks to you as well on the info... I also got alot of the bogus MS
patch emails, but like all the rest they were immediately quarantined, or I
would delete them from the server level and not download them, because I
certainly could spot them immediately.

I haven't had any computer problems
viral/scumware/malware/adware/trojan/etc.but just in case I've had your
above links saved, for some time, if I should ever need them. Thanks for
providing all of us with you expertise. I'm one of those people that
updates to the latest versions on AdAware, Spybot, keep Antivirus, Firewall,
and MS patches up to date without fail, and run bi-weekly scans on those
that apply, plus cleaning the temp files etc.

Thanks,
Pam
>
>