Victory not far away

J

Jason Wade

Some ISPs are becoming /very/ clued-in to what's needed
to stop Swen.

Victory against the Swen nightmare cannot be far away.
Look at this e-mail I got:
Return-Path: <[email protected]>
Date: 2 Nov 2003 00:06:29 +0200
To: (e-mail address removed)
Subject: Virus found in received message "Last Security Update"
X-Tnz-Problem-Type: 40


Attention: (e-mail address removed)

[A message has been sent to the originator, stating there is a virus
or an illegal attachment in the Email they just sent to you.
No further action is required on your part.
The message passed to you after it was cleaned.]

Virus was found in an Email message sent to you.
This Email scanner intercepted it and stopped the entire message
before it reached you.
Click to expand...

Yay!
Their system /automatically/ warns the infected user--relieving
me of much work.
The Virus was reported to be:

MS-DOS executable (EXE), OS/2 or MS Windows

Please contact your I.T support personnel with any queries regarding this
policy.

The message sent to you had the following envelope:

MAIL FROM: (e-mail address removed)
RCPT TO: (e-mail address removed)

... and with the following headers:

From: "Microsoft Corporation Technical Assistance" <ybdhvtbbosx-wquncm@update
s.msdn.com>
To: "Commercial Customer" <[email protected]>
Subject: Last Security Update
Date: Sun, 2 Nov 2003 0:6:7
The original message is kept in the "PineApp Mail-SeCure"

where the PineApp Mail-SeCure Administrator can further diagnose it.

The Email scanner reported the following when it scanned that message:



==><PineApp Mail-SeCure Report><==
Illegal attachment type 'Executable files' found in file Pack.exe

==><PineApp Mail-SeCure Report><==
Illegal attachment type 'MS-DOS executable (EXE), OS/2 or MS Windows' found in f
ile

==><PineApp Mail-SeCure Report><==
Illegal attachment type 'MS-DOS executable (EXE), OS/2 or MS Windows' found in f
ile
-----------------------------------------------------------------------
filename: Pack.exe
reason: Virus/Suspected file found: Pack.exe
Action Taken: File was disinfected.

==><PineApp Mail-SeCure Report><==
Illegal attachment type 'Executable files' found in file Pack.exe
Click to expand...

They got it! Banning MS executables from the 'net will stop Swen.
==><PineApp Mail-SeCure Report><==
Illegal attachment type 'MS-DOS executable (EXE), OS/2 or MS Windows' found in f
ile

==><PineApp Mail-SeCure Report><==
Illegal attachment type 'MS-DOS executable (EXE), OS/2 or MS Windows' found in f
ile
Click to expand...

(Sniff)
We're so close.
Now let's get every ISP to do this.

C'mon people, talk to your ISPs.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Virus Attack: Huge number of mails sent thru OUTLOOK EXPRESS 3
Help please have I got a Virus 4
F-Prot/Win: opinions? 9
"Mail Delivery Failed" messages 7
I-Worm.Mimail info? 10
Cumlative Patch - Is this from MS? or Virus? 1
Is NAV "Scan and Deliver" Fake? 9
new doom varient? 3

Top