[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Swen, again (was Re: spam microsoft)



on Wed, Nov 26, 2003 at 11:20:04PM +0000, Robin Gerard (robin.jag@free.fr) wrote:
> Hello,
> microsoft sends me five spam of 160 000 bytes in my box and when I run
> host I receive the message: address not exists.
> If the adress exists I put it in my file hosts.allow but without success.
> I don't know if smtp-refuser works fine ?
> 
> the strange addreses are:
> 
> enzjsso@advisor.com
> mcdkm_wgoxshsqqx@technet.com
> sideduz-wzpii@updates.com
> byyyfuij-jjmckxpo@updates.microsoft.com
> retebbz_wgyrsolg@support.ms.net
> 
> I can delete this spams on my server (free.fr), with telnet manualy but, is it 
> possible to write a script to automate this work ? 
> (perhaps perl is my friend ....?) 
> 
> Thanks in advance for any help and advises.

140k executable attachments?  That's the Swen viral mail:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
    http://www.f-secure.com/v-descs/swen.shtml
    http://reviews-zdnet.com.com/4520-6600_16-5078666.html
    http://www.itd.umich.edu/news/2003fall/09252003a.html
    http://www.google.com/search?q=swen+virus

List archives (may still be offline) have much discussion of this since
September 19, 2003, when it first appeared.

If you simply want to delete the mail, do so.

Those who use directory-based mailbox formats can use the reporting
scripts below to LART admins at the originating ISP.  Note that these
are works in progress.  Comments inline.

    http://kmself.home.netcom.com/Download/reportSwen
    http://kmself.home.netcom.com/Download/fqdn2domain


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Bush/Cheney '04: Lies and videotape but no sex!

Attachment: pgppTRiksAWJg.pgp
Description: PGP signature


Reply to: