on Wed, Nov 26, 2003 at 11:20:04PM +0000, Robin Gerard (robin.jag@free.fr) wrote: > Hello, > microsoft sends me five spam of 160 000 bytes in my box and when I run > host I receive the message: address not exists. > If the adress exists I put it in my file hosts.allow but without success. > I don't know if smtp-refuser works fine ? > > the strange addreses are: > > enzjsso@advisor.com > mcdkm_wgoxshsqqx@technet.com > sideduz-wzpii@updates.com > byyyfuij-jjmckxpo@updates.microsoft.com > retebbz_wgyrsolg@support.ms.net > > I can delete this spams on my server (free.fr), with telnet manualy but, is it > possible to write a script to automate this work ? > (perhaps perl is my friend ....?) > > Thanks in advance for any help and advises. 140k executable attachments? That's the Swen viral mail: http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html http://www.f-secure.com/v-descs/swen.shtml http://reviews-zdnet.com.com/4520-6600_16-5078666.html http://www.itd.umich.edu/news/2003fall/09252003a.html http://www.google.com/search?q=swen+virus List archives (may still be offline) have much discussion of this since September 19, 2003, when it first appeared. If you simply want to delete the mail, do so. Those who use directory-based mailbox formats can use the reporting scripts below to LART admins at the originating ISP. Note that these are works in progress. Comments inline. http://kmself.home.netcom.com/Download/reportSwen http://kmself.home.netcom.com/Download/fqdn2domain Peace. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Bush/Cheney '04: Lies and videotape but no sex!
Attachment:
pgpWvDNNHPPgt.pgp
Description: PGP signature