Re: Why such volume with W32/Swen@MM?

To: Bill Moseley <moseley@hank.org>
Cc: debian-user@lists.debian.org
Subject: Re: Why such volume with W32/Swen@MM?
From: Chad M Stewart <cms@balius.com>
Date: Sun, 21 Sep 2003 09:43:01 -0400
Message-id: <[🔎] 84B95DF8-EC39-11D7-B36A-000A959CF11A@balius.com>
In-reply-to: <[🔎] 20030921014918.GB17146@hank.org>

I'm finding similar things here. I've had my domain a number of yearsand this is the first time I've been affected by an M$ email worm.Usually I sit back and laugh, but not this time. I'm new to thedebian-* lists and recently posted for the first time. All of thecopies of the virus have been to a single email of mine, the addresswhich I'm sending from now. Nor have I gotten a single copy of this atwork, which I've had for 3+ years. Though I've never posted to usenetor debian lists using that address. Though I do post regularly to apublic mailing list via work and home, though it is not relayed tousenet.

I've also got my wife, mother, and brother-in-law on my mail server,they have gotten *zero* copies of this virus.

Reading what others have been reporting, I'm really starting to suspectdebian-* lists, or more likely the usenet copy of such data, as beingthe source for getting recipients.

I also wonder if some of the zombies that spammers use to blast outmsgs might have been compromised by this virus as well.

I'm really thinking about the passive OpenBSD firewall option to blockWindoze machines from talking to my SMTP server. :-)


Regards,
Chad



On Saturday, September 20, 2003, at 09:49  PM, Bill Moseley wrote:

I'm curious why I'm getting so many of these viruses sent to me.  On
various technical lists I've read of lots of people that are getting
hammered by the mail, too.

From the descriptions I've read of W32/Swen@MM it mails itself to
"recipients extracted from the victim machine", yet I'm seeing so many
of these to my personal email address alone that I can't believe my
address is listed on that many machines.  Today I got about 300 alone

send to just one address. Other's I've talked with about this(non-geek

internet users) are not seeing so much of the virus, if at all.

The viruses are all coming from Windows machines, right?  It just seems
odd that my address would be on that many (cluelessly-run)  Windows
machines considering what lists I'm on.

I'm also not on IRC or any of the other ways for it to spread.

Anyone getting hit hard by this and understand why?


--
Bill Moseley
moseley@hank.org


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org

with a subject of "unsubscribe". Trouble? Contactlistmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Why such volume with W32/Swen@MM?
  - From: Pigeon <jah.pigeon@ukonline.co.uk>

References:
- Why such volume with W32/Swen@MM?
  - From: Bill Moseley <moseley@hank.org>

Prev by Date: Re: Flash plug-in hangs Mozilla (sid)
Next by Date: OT: An Open Call to Developers
Previous by thread: Re: Why such volume with W32/Swen@MM?
Next by thread: Re: Why such volume with W32/Swen@MM?
Index(es):
- Date
- Thread