Worm.Automat.AHD

[Bill]

Since yesterday I been flooded with unsolicited E-mails with dozens of
different titles. 854 messages yesterday and 470 so far today.

The only common thread is they all say they have been processed by
Brightmail and tell me I have been infected by Worm.Automat.AHB.

Fortunately it is only a pest and does not effect my computer in any way
other than bogging me down with unwanted E-mails.

Does anyone know how to get rid of this??

 

[optikl]

Since yesterday I been flooded with unsolicited E-mails with dozens of
different titles. 854 messages yesterday and 470 so far today.

The only common thread is they all say they have been processed by
Brightmail and tell me I have been infected by Worm.Automat.AHB.

Fortunately it is only a pest and does not effect my computer in any way
other than bogging me down with unwanted E-mails.

Does anyone know how to get rid of this??

There's nothing you personally can do anything about, other than not execute
the attachments. Appears to be a variant of SWEN. Have a coffee and
cigarette and forget about it.

 

[DL]

I have the same problem and I run the fix by Norton but it was of no help!
The same type of emails
are coming and coming, the norton antivirus finds them and put in
quarantine, then I delete them and then
new emails are coming again. When I run the fix swen program it found no
virus.
I think we should wait for a better fix. In the meantime perhaps is better
to close the email program.
good luck
Dimitris

 

[Adam Russell]

Since yesterday I been flooded with unsolicited E-mails with dozens of
different titles. 854 messages yesterday and 470 so far today.

The only common thread is they all say they have been processed by
Brightmail and tell me I have been infected by Worm.Automat.AHB.

Fortunately it is only a pest and does not effect my computer in any way
other than bogging me down with unwanted E-mails.

Does anyone know how to get rid of this??

If you use OE you can make a rule that any message that is not addressed to
your specific email address be deleted. That is if you only use one
address. Works for me. I don't understand why emails would be delivered to
me in the first place if it doesn't have my name on it, but there you go.

 

[Jonathan Burrows]

I too am getting these and others like it - they come from two sources it
appears. Perhaps you should check yourself where they come from. If you
are using Outlook youcan go to View>>Options to view the header information.
In Outlook Express you can see this from File>>Properties and Details to see
the same. I have sent emails to each of the domains listed by finding out
their information from the WHOIS database (not that it will do any good).
Here are two examples of the header information - I bet yours are similar!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: From bimba.bezeqint.net [192.115.106.39] by
mailserver10.fasthosts.co.uk
(Matrix SMTP Mail Server v(1.4)) ID=067FCD8D-5238-43EA-8E4C-50ADAFA3971B
; Sun, 21 Sep 2003 18:33:54 +0100
Received: from hhmsyuy (bzq-219-232-200.pop.bezeqint.net [62.219.232.200])
by bimba.bezeqint.net (Bezeq International SMTP out Mail Server) with SMTP
id DFB8F766; Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
From: "Internet Security Division" <[email protected]>
To: "Commercial Customer" <[email protected]>
SUBJECT: Latest Internet Critical Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ynpxfnrlzzlynda"
Message-Id: <[email protected]>
Date: Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Or this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: From vsmtp3.tin.it [212.216.176.223] by
mailserver08.fasthosts.co.uk
(Matrix SMTP Mail Server v(1.4)) ID=8DFD3E64-B414-4E5C-B4BC-C5EEB37385D8
; Sun, 21 Sep 2003 18:06:09 +0100
Received: from hvfip (80.180.80.160) by vsmtp3.tin.it (7.0.019)
id 3F4F1DDF008B731D; Sun, 21 Sep 2003 18:58:48 +0200
Date: Sun, 21 Sep 2003 18:58:48 +0200 (added by (e-mail address removed))
Message-ID: <[email protected]> (added by
(e-mail address removed))
FROM: "MS Network Delivery Service" <[email protected]>
TO: "Internet Client" <[email protected]>
SUBJECT: Returned Mail: Returned To Mailer
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="zwimlilnlpcrybb"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Anyway, surely we don't have to be complacent to this sort of thing???? It
is annoying and to those of us with good Anti Virus (up-to-date ones at
that), it is an anoyance only, to others though it is a pain in the nect if
they get caught by it.

Regards

Jonathan Burrows

 

[FromTheRafters]

Since yesterday I been flooded with unsolicited E-mails with dozens of
different titles. 854 messages yesterday and 470 so far today.

It's because of the swen.a worm everybody is talking about.

The only common thread is they all say they have been processed by
Brightmail and tell me I have been infected by Worm.Automat.AHB.

That is an earlier name for swen I think.

Fortunately it is only a pest and does not effect my computer in any way
other than bogging me down with unwanted E-mails.

It can get so bad that it stuffs up your e-mail accounts storage
space, and bounces legitimate mail due to exceeding the limit.

Does anyone know how to get rid of this??

Some people have had some amount of success with filtering
software that deletes from the mail server automatically. This
is especially good if the software runs serverside.

 

[optikl]

I have the same problem and I run the fix by Norton but it was of no help!
The same type of emails
are coming and coming, the norton antivirus finds them and put in
quarantine, then I delete them and then
new emails are coming again. When I run the fix swen program it found no
virus.
I think we should wait for a better fix. In the meantime perhaps is better
to close the email program.
good luck
Dimitris

What are you trying to fix? Stopping the emails? The Fix Swen program can't
do anything about that. It can only fix your system if you execute the worm.

 

[Russmape]

Hi
A route trace show it coming from Holland.

P.s. Why do so many reply in the base of the message so you have to scroll
THE MESSAGE.

Thanks got that off my chest.

I too am getting these and others like it - they come from two sources it
appears. Perhaps you should check yourself where they come from. If you
are using Outlook youcan go to View>>Options to view the header information.
In Outlook Express you can see this from File>>Properties and Details to see
the same. I have sent emails to each of the domains listed by finding out
their information from the WHOIS database (not that it will do any good).
Here are two examples of the header information - I bet yours are similar!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: From bimba.bezeqint.net [192.115.106.39] by
mailserver10.fasthosts.co.uk
(Matrix SMTP Mail Server v(1.4)) ID=067FCD8D-5238-43EA-8E4C-50ADAFA3971B
; Sun, 21 Sep 2003 18:33:54 +0100
Received: from hhmsyuy (bzq-219-232-200.pop.bezeqint.net [62.219.232.200])
by bimba.bezeqint.net (Bezeq International SMTP out Mail Server) with SMTP
id DFB8F766; Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
From: "Internet Security Division" <[email protected]>
To: "Commercial Customer" <[email protected]>
SUBJECT: Latest Internet Critical Patch
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ynpxfnrlzzlynda"
Message-Id: <[email protected]>
Date: Sun, 21 Sep 2003 20:18:47 +0300 (IDT)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Or this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Received: From vsmtp3.tin.it [212.216.176.223] by
mailserver08.fasthosts.co.uk
(Matrix SMTP Mail Server v(1.4)) ID=8DFD3E64-B414-4E5C-B4BC-C5EEB37385D8
; Sun, 21 Sep 2003 18:06:09 +0100
Received: from hvfip (80.180.80.160) by vsmtp3.tin.it (7.0.019)
id 3F4F1DDF008B731D; Sun, 21 Sep 2003 18:58:48 +0200
Date: Sun, 21 Sep 2003 18:58:48 +0200 (added by (e-mail address removed))
Message-ID: <[email protected]> (added by
(e-mail address removed))
FROM: "MS Network Delivery Service" <[email protected]>
TO: "Internet Client" <[email protected]>
SUBJECT: Returned Mail: Returned To Mailer
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="zwimlilnlpcrybb"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Anyway, surely we don't have to be complacent to this sort of thing???? It
is annoying and to those of us with good Anti Virus (up-to-date ones at
that), it is an anoyance only, to others though it is a pain in the nect if
they get caught by it.

Regards

Jonathan Burrows

Since yesterday I been flooded with unsolicited E-mails with dozens of
different titles. 854 messages yesterday and 470 so far today.

The only common thread is they all say they have been processed by
Brightmail and tell me I have been infected by Worm.Automat.AHB.

Fortunately it is only a pest and does not effect my computer in any way
other than bogging me down with unwanted E-mails.

Does anyone know how to get rid of this??

 

[Dennis]

Hi
A route trace show it coming from Holland.

P.s. Why do so many reply in the base of the message so you have to scroll
THE MESSAGE.

Thanks got that off my chest.

on this side of the pond, we think top posting is rude and
un-informed...


"education is the progressive discovery of our own ignorance" --Will Durant
"people who read the tabloids deserve to be lied to " Jerry Seinfeld
"if we don't have a sense of humor, we can't have a sense of perspective --Wayne Thiboux

 

[Steve M (remove wax for reply)]

I too am getting these and others like it - they come from two sources it
appears. Perhaps you should check yourself where they come from. If you
are using Outlook youcan go to View>>Options to view the header information.

They come from many more than two sources. I have now examined the
headers of 69, and they come from several dozen different ISP's.
However, they are often sent in pairs. I often get two copies from
the same ISP, about 10-20 minutes apart.

 

[FromTheRafters]

[snip]

P.s. Why do so many reply in the base of the message so you have to scroll
THE MESSAGE.

Thanks got that off my chest.

Because when you post at the top you tend to leave
the entire quoted message intact and waste bandwidth.
(some folks have to pay for that bandwidth)

 

[Steve M (remove wax for reply)]

[snip]

P.s. Why do so many reply in the base of the message so you have to scroll
THE MESSAGE.

Thanks got that off my chest.

Because when you post at the top you tend to leave
the entire quoted message intact and waste bandwidth.
(some folks have to pay for that bandwidth)

I usually prefer bottom-posting, too.

Either way, it's more polite and saves time for the reader if you
delete most of the original message and leave just enough so that your
reply makes sense.