If you are receiving bounced emails, that would indicate that another user
is infected and their infection has put your name in the From address being
sent from that machine. If you're only getting copies addressed to you,
someone infected has your address on their machine, or from a NG if you have
recently posted using your correct address. Once infected, the code gets
addresses from several sources including address book, mail files, and NGs.
*********************
Quite possible, but I have not encountered it yet!
*********************
My thoughtful ISP, ATT, has blocked exe and other executables from being
sent out as attachments - but not inbounds. I have read that some people
are using a program like http://www.mailwasher.net/ to filter the mails at
the server level. I suggest taking the time to send complaints to
abuse@____, even if it is only for a sampling when the first header (bottom
to top) appears to be from the same source.
**********************
The Swen virus always seems to be sent through legitimate mail servers in
pairs. When the virus first appeared on the scene, I was getting about 500/day.
Now it is down to around 100/day. If you examine the source header, you will
likely find that every pair originates from a different IP address, and
possibly routed through different mail servers.
Of the 120 that I received on the 20th, all were sent through legitimate mail
servers, and each one was used no more than twice (some only once). Blocking
that many different servers is out of the question, so the only alternative is
to block it based upon content. From day one, our filtering service has blocked
every one of these, and every day there are about half a dozen messages from
mail servers where it was blocked at source.
J.A. Coutts
Systems Engineer
MantaNet/TravPro
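
Added example, not part of the original posts: a Python sketch of the header check described above. It reads the bottom-most Received header of each message (the first hop) and tallies how often each origin IP and relay server appears. The sample messages, host names, addresses and helper names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # [a.b.c.d] literal
BY_RE = re.compile(r"\bby\s+([\w.-]+)")                # server that accepted it

def make_sample(origin_ip, relay):
    """Build a constructed two-hop message (hypothetical hosts and dates)."""
    return (f"Received: from {relay} ({relay} [198.51.100.1])\n"
            f"\tby mx.example.org; Thu, 1 Jan 2004 00:00:01 +0000\n"
            f"Received: from pc ([{origin_ip}])\n"
            f"\tby {relay}; Thu, 1 Jan 2004 00:00:00 +0000\n"
            "Subject: constructed sample\n\nbody\n")

# Constructed input: two pairs plus one single, each via a different relay.
SAMPLES = [make_sample(ip, relay) for ip, relay in [
    ("203.0.113.5", "relay1.example.net"),
    ("203.0.113.5", "relay1.example.net"),
    ("203.0.113.77", "mail.example.com"),
    ("203.0.113.77", "mail.example.com"),
    ("192.0.2.9", "smtp.example.edu"),
]]

def origin_and_relay(raw):
    """Return (origin_ip, first_relay) from the bottom-most Received header.

    Each server prepends its own header, so the last one in the list is the
    oldest hop. Hops below the first server you trust can be forged; this
    assumes, as in the post, that the relay is a legitimate mail server.
    """
    received = message_from_string(raw).get_all("Received", [])
    if not received:
        return None, None
    first_hop = received[-1]
    ip = IP_RE.search(first_hop)
    by = BY_RE.search(first_hop)
    return (ip.group(1) if ip else None, by.group(1).lower() if by else None)

def tally(messages):
    """Count messages per origin IP and per first relay server."""
    origins, relays = Counter(), Counter()
    for raw in messages:
        ip, relay = origin_and_relay(raw)
        origins[ip] += 1
        relays[relay] += 1
    return origins, relays

if __name__ == "__main__":
    origins, relays = tally(SAMPLES)
    for relay, count in relays.most_common():
        print(f"{relay}: {count} message(s)")
```

When the relay tally is long and flat, as in the 120-message day described above, a per-server block list offers little, which is why the post falls back on content filtering.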