Re: Why such volume with W32/Swen@MM?
On (21/09/03 00:13), Greg Folkert wrote:
> Subject: Re: Why such volume with W32/Swen@MM?
> From: Greg Folkert <greg@gregfolkert.net>
> To: DebianUser list <debian-user@lists.debian.org>
> Date: Sun, 21 Sep 2003 00:13:46 -0400
>
> On Sat, 2003-09-20 at 21:49, Bill Moseley wrote:
> > I'm curious why I'm getting so many of these viruses sent to me. On
> > various technical lists I've read of lots of people that are getting
> > hammered by the mail, too.
> >
> > >From the descriptions I've read of W32/Swen@MM it mails itself to
> > "recipients extracted from the victim machine", yet I'm seeing so many
> > of these to my personal email address alone that I can't believe my
> > address is listed on that many machines. Today I got about 300 alone
> > send to just one address. Other's I've talked with about this (non-geek
> > internet users) are not seeing so much of the virus, if at all.
> >
> > The viruses are all coming from Windows machines, right? It just seems
> > odd that my address would be on that many (cluelessly-run) Windows
> > machines considering what lists I'm on.
> >
> > I'm also not on IRC or any of the other ways for it to spread.
> >
> > Anyone getting hit hard by this and understand why?
> I am averaging about 4 swen mails every 3 minutes. I have had one minute
> get 17 swen mails. A few minutes ago I got 122 swen mails in 10 minutes.
>
> It's pretty wide-spread... I have heard ~1.5Million Windows machine are
> infected... (I think I have gotten at least one from every infected
> machine) but I'd think there are far more Clue-needed (l)users than we
> can care to count.
>
> The worst isn't over yet, some believe a secondary payload...
>
> Let's hope not.
I've just received one with what looks like all the debian-powerpc list
addresses in the "To" header. So it does look as though they are
harvesting the Debian lists.
My partner who runs Windows 98 and has the same email domain, hasn't
received any ..... There's no justice ;)
Regards
Clive
Reply to: