
Re: Why such volume with W32/Swen@MM?



On Sun, Sep 21, 2003 at 08:15:53PM -0700, Kevin Buhr wrote:
> Bill Moseley <moseley@hank.org> writes:
> >
> > I'm curious why I'm getting so many of these viruses sent to me.  On
> > various technical lists I've read of lots of people that are getting
> > hammered by the mail, too.
> 
> At least one technical description of Swen (which I can no longer
> find) states that, in addition to spreading by *posting* Usenet
> articles, Swen also collects addresses from recent Usenet posts.  A
> "strings" search shows that Swen is set up to issue "HEAD" and
> "NEWNEWS" commands to news servers.  It wouldn't need to do this to
> post, only to collect recently used addresses, so it seems likely this
> is correct information.
> 
> Note that this list is echoed to the Usenet group "linux.debian.user"
> on many servers, so anyone posting here is probably getting lots of
> copies.

FWIW I've just received something that claims to be a bounce message
from which swen has been stripped. Out of 66 addresses in the original
To: field, 50 are from debian-user.

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
