WARNING


William Moore

WARNING: Spammers are cruising these newsgroups for addresses they can use to send out more spam. Yesterday afternoon, I left my clean new e-mail address on this and a few other legitimate Microsoft newsgroups. The next morning, my mailbox was full of virus infected spam from "Microsoft."

William Moore
 

David H. Lipman

That's NOT spam from spammers, that's the Swen Internet worm!

If you post to UseNet with your TRUE, not a munged, email address then you have invited the
Swen Internet worm [aka W32/Gibe-F] to visit you.

Swen is "news" spelled backwards. The reason it is called this is because the Swen worm
harvests email addresses from UseNet News Groups. It has an engine that allows it to post
itself to UseNet News Groups, and it also has its own email engine. From the list of
email addresses that it has harvested, it will then email itself to those addresses.

W32/Swen@MM - http://vil.nai.com/vil/content/v_100662.htm

W32.Swen.A@mm - http://securityresponse.symantec.com/avcenter/venc/data/[email protected]


There are several Internet worms that masquerade as patches from Microsoft. The most
common are: Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft are fully
aware of this problem.

All you can do is...

1. Keep your AV package up-to-date
2. Create email "rules" to auto-delete the offending messages
3. Petition your ISP to install AV software on their respective email servers.
4. Install *all* MS Critical Updates via the Windows Update web site.
5. Always munge your email address when posting to UseNet
6. If all else fails, change your email address.

Dave



| WARNING: Spammers are cruising these newsgroups for addresses they can
| use to send out more spam. Yesterday afternoon, I left my clean new
| e-mail address on this and a few other legitimate Microsoft newsgroups.
| The next morning, my mailbox was full of virus infected spam from
| "Microsoft."
|
| William Moore
 

Bruce Chambers

Greetings --

It's been well known for years now that posting/publishing a real
email address to _any_ newsgroup or web site is an open invitation to
be spammed. For years now, spammers have been using automated tools
to harvest email addresses from Usenet. What I don't understand is
why you're just now noticing the phenomenon. Was this the first time
you posted to Usenet?

What you received is the output of a computer infected by one of
several widely publicized, widespread, mass emailing worms. The
virus' authors have deliberately spoofed the Microsoft information in
the hopes of garnering more victims. This sort of email has been
quite common for at least the past 9 months. The most widely-known
are:

W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Trojan.Xombe
http://www.symantec.com/avcenter/venc/data/trojan.xombe.html

Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if, and only
if, you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.

Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp

Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp

How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp

Remember, any and all legitimate patches and updates are readily
available at http://windowsupdate.microsoft.com/. You should develop
the habit of checking this site at least once a month to keep your
computer up-to-date. (Notice that this is the true URL, rather than
the bogus one that may have been contained in the email you received.)
Any messages that point to any other source(s) or claim to have the
patch attached are bogus.

You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
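
Added example, not part of either reply above: a Python sketch of the email "rule" Dave suggests, using the test Bruce gives (a message posing as Microsoft that carries an attached "patch" or points anywhere other than windowsupdate.microsoft.com is bogus). The function name, the extension list, the trusted-host set and both sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumed values, not from the thread: extension list and trusted-host set.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".bat", ".com", ".cmd")
TRUSTED_HOSTS = {"windowsupdate.microsoft.com"}
URL_HOST = re.compile(r"https?://([^/\s\"'>]+)", re.I)


def bogus_patch_reasons(raw: bytes) -> list:
    """Return the reasons a message posing as Microsoft looks bogus."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    if "microsoft" not in claimed:
        return []  # not posing as Microsoft; outside this rule's scope
    reasons = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXECUTABLE_EXTS):
            reasons.append(f"attachment:{name}")
        if part.get_content_maintype() == "text":
            for host in URL_HOST.findall(part.get_content()):
                if host.lower() not in TRUSTED_HOSTS:
                    reasons.append(f"link:{host.lower()}")
    return reasons


# Constructed sample: fake "patch" mail with an executable attachment.
SAMPLE_WORM = (
    b"From: Microsoft Security <security@example.invalid>\r\n"
    b"Subject: Latest Security Patch\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\n"
    b"Install the attached patch, or see http://updates.example.invalid/q.htm\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="patch.exe"\r\n\r\n'
    b"AAAA\r\n--b1--\r\n"
)
# Constructed sample: a notification that only points at Windows Update.
SAMPLE_NOTICE = (
    b"From: Microsoft <newsletter@example.invalid>\r\n"
    b"Subject: New security bulletin\r\n\r\n"
    b"A new patch is available at http://windowsupdate.microsoft.com/\r\n"
)
```

A non-empty result is a reason to quarantine or delete the message; the sender name alone proves nothing, since these worms spoof it.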
 
