Re: Why such volume with W32/Swen@MM?

To: debian-user@lists.debian.org
Subject: Re: Why such volume with W32/Swen@MM?
From: Pigeon <jah.pigeon@ukonline.co.uk>
Date: Sun, 21 Sep 2003 05:08:02 +0100
Message-id: <[🔎] 20030921040801.GA302@pigeon.pigeonloft>
In-reply-to: <[🔎] 20030921014918.GB17146@hank.org>
References: <[🔎] 20030921014918.GB17146@hank.org>

On Sat, Sep 20, 2003 at 06:49:18PM -0700, Bill Moseley wrote:
> I'm curious why I'm getting so many of these viruses sent to me.  On
> various technical lists I've read of lots of people that are getting
> hammered by the mail, too.
> 
> From the descriptions I've read of W32/Swen@MM it mails itself to 
> "recipients extracted from the victim machine", yet I'm seeing so many 
> of these to my personal email address alone that I can't believe my 
> address is listed on that many machines.  Today I got about 300 alone 
> send to just one address.  Other's I've talked with about this (non-geek 
> internet users) are not seeing so much of the virus, if at all.
> 
> The viruses are all coming from Windows machines, right?  It just seems 
> odd that my address would be on that many (cluelessly-run)  Windows 
> machines considering what lists I'm on.
> 
> I'm also not on IRC or any of the other ways for it to spread.
> 
> Anyone getting hit hard by this and understand why?

Well, here's my shaky hypothesis...

Two observations:

1) Googling for my email address reveals that most of the spammers who
spam me must be harvesting it from this list or one or two other Linux
lists.

2) Since swen started up, I've been deleting a few hundred 150k mails
a day from the POP3 server; of those that are still downloaded,
spambayes is dropping about the same number of mails in my spambox as
usual, but instead of being mostly Nigerian scams and penis
enlargement ads (and why send such a thing to a pigeon? :-) ) they're
now mostly the virally-generated spurious "bounce" messages.

Since "wanted" email both in and out seems to be working perfectly
normally, I don't think the volume of swens has swamped the servers
and stopped the "ordinary" spam getting through. But, maybe, swen has
hit - or even was targeted at - the spammers, and their boxes are
sending out 150k mails so fast that they can't get any bandwidth to
download removal tools...? Which would be kind of amusing, if it's true.

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: pgpQIhe476Clm.pgp
Description: PGP signature

Reply to:

References:
- Why such volume with W32/Swen@MM?
  - From: Bill Moseley <moseley@hank.org>

Prev by Date: Re: Why such volume with W32/Swen@MM?
Next by Date: RE: With newer chipsets, is ECC memory slower ? Worth the penalty ?
Previous by thread: Re: Why such volume with W32/Swen@MM?
Next by thread: Re: Why such volume with W32/Swen@MM?
Index(es):
- Date
- Thread