
Re: Why such volume with W32/Swen@MM?



Bill Moseley <moseley@hank.org> writes:
>
> I'm curious why I'm getting so many of these viruses sent to me.  On
> various technical lists I've read of lots of people that are getting
> hammered by the mail, too.

At least one technical description of Swen (which I can no longer
find) states that, in addition to spreading by *posting* Usenet
articles, Swen also collects addresses from recent Usenet posts.  A
"strings" search shows that Swen is set up to issue "HEAD" and
"NEWNEWS" commands to news servers.  It wouldn't need to do this to
post, only to collect recently used addresses, so it seems likely this
is correct information.

Note that this list is echoed to the Usenet group "linux.debian.user"
on many servers, so anyone posting here is probably getting lots of
copies.

I've gotten 3400 since I started keeping track Thursday at 1:00pm PDT
(all dutifully discarded by "procmail").  That doesn't include the 350
or so copies that have been stripped of the executable attachment by
antivirus software or the copies that appear to simply be missing the
attachment without evidence of being actively cleaned by anything (a
bug in Swen, perhaps?).

-- 
Kevin <buhr@telus.net>
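
Added example, not part of the original message and not code taken from Swen: a Python sketch of the "strings" reasoning above, which pulls printable strings out of a binary and checks whether it embeds NNTP verbs that a program would not need just to post. The sample bytes are constructed, and the split of RFC 977 commands into "posting" and "reading" sets is this example's assumption.

```python
import re

# RFC 977 command verbs, grouped by what a client needs them for.
# The grouping is an assumption of this example.
POSTING_VERBS = {"POST", "IHAVE"}
READING_VERBS = {"ARTICLE", "BODY", "HEAD", "STAT", "NEWNEWS", "NEXT", "LAST"}


def ascii_strings(blob: bytes, min_len: int = 4):
    """Yield printable-ASCII runs, like strings(1) with a minimum length."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.group().decode("ascii")


def nntp_verbs(blob: bytes) -> set:
    """Return NNTP verbs that begin an embedded string (command templates)."""
    found = set()
    for s in ascii_strings(blob):
        parts = s.split()
        # Only the first token counts, so "headline" or "overhead" is ignored.
        if parts and parts[0] in POSTING_VERBS | READING_VERBS:
            found.add(parts[0])
    return found


def triage(blob: bytes) -> dict:
    verbs = nntp_verbs(blob)
    return {
        "posting": sorted(verbs & POSTING_VERBS),
        "reading": sorted(verbs & READING_VERBS),
        # Reading verbs are not needed to post an article, so finding them
        # suggests the program also retrieves headers from the server.
        "reads_beyond_posting": bool(verbs & READING_VERBS),
    }


# Constructed sample bytes, not taken from any real binary.
SAMPLE = (b"\x00\x01MZ\x90\x00" b"POST\r\n\x00" b"HEAD %s\r\n\x00"
          b"NEWNEWS %s %s %s\r\n\x00" b"\xff\xfeheadline\x00" b"QUIT\r\n\x00")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A string such as "HEAD" can also come from an embedded HTTP client, so a hit is a lead to confirm in a disassembler or sandbox trace, not proof on its own.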


