BoatBanter.com - Virus Update- Is your name on the list?

BoatBanter.com

BoatBanter.com (https://www.boatbanter.com/)

- General (https://www.boatbanter.com/general/)

- - Virus Update- Is your name on the list? (https://www.boatbanter.com/general/1333-virus-update-your-name-list.html)

noah	September 28th 03 01:46 AM

Virus Update- Is your name on the list?

I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

The list is not "all inclusive", meaning that you could still be
targeted even if your addy is not listed. I also know that some are
already invalid, or munged, but I am including the entire list that I
received. There are duplicates. I don't know why.

Be aware that this worm will not only target you, but will send virus
emails listing *you* as the sender. You may get irate mail, or
notices from your ISP, that you are sending virii, when you are not.
The smart ISP's filter for viruses. MANY (i.e. Earthlink), do not.

Also be aware that these addresses (your's and mine) can be
"re-harvested" from the worm, and used for other purposes, such as
sending SPAM, trojan viruses, and other nasty stuff. Your account may
also get hacked, as "they" now know the username, they only need to
hack the password.

I really dislike having to munge my address ("...FISH.net"), and it
get's my Irish up to surrender to these *ssholes, but some of you (me,
included) may wish to consider changing your email address, and
munging it. I'm still thinking about it. I will probably wait to see
if this situation "calms down". I am still receiving about 100
viruses a day, and earthlink bounces them after my account hits 10
megabyte.

I have edited this list, to change the "@" in the addresses to "-at-".
No sense in giving the SPAMbots any food.

Good luck:

To: cristinacoelho-at-epar.jazznet.pt
To: capt_jack-at-mindspring.com
To: sailbad_d_sinner-at-hotmail.com
To: rec.boats.noah-at-earthlink.net
To: aeronaut-at-flight.net
To: piperopiper-at-yahoo.com
To: otnmbrd-at-earthlink.net
To: res1g5v5-at-verizon.net
To: clarkt-at-region.halton.on.ca
To: bradnh-at-volcanomail.com
To: dkanter-at-frontiernet.net
To: cysusenet-at-worldnet.att.net
To: marbisins-at-tampabay.rr.com
To: ksmith1-at-tpg.com.au
To: skoconsult-at-aol.com
To: jim-at-clark.cys
To: doug888-at-bellsouth.net
To: nojunk_n3cvj-at-worldlynx.net
To: ahoy2u-at-aol.com
To: john.gaquin-at-verizon.net
To: j.mcd-at-ns.sympatico.ca
To: r.c.eriksson-at-att.net
To: thunder-at-gti.net
To: qwerty-at-lut.fi
To: dont-at-bother.com
To: kingy-at-capital.net
To: joe-at-privacy.net
To: l4foto-at-aol.com
To: cglocke-at-airmail.net
To: t.thomas-at-mchsi.com
To: gofig-at-mac.com
To: dcecchi-at-msn.com
To: lee-at-thebayguide.com
To: vigilance-at-justice.com
To: theseafox-at-aol.com
To: noyb-at-noyb.com
To: nomail-at-rogers.com
To: lejaynes-at-comcast.net
To: vxmnovxspa-3m*-at-altara.invalid
To: bowgus-at-rogers.com
To: gfretwell-at-aol.comgreg
To: etaoin_shrdlu-at-hotmail.com
To: read-at-sympatico.ca
To: me-at-hyperx.com
To: waynebatrecdotboats-at-hotmail.com
To: meh531-at-hotmail.com
To: jimdotedu-at-yahoo.com
To: vtv001-at-hotmail.com
To: noneofyourbusiness-at-aol.com
To: tonyjvan-at-comcast.net
To: jasonrnorth-at-bigfoot.com
To: markdeb.browne-at-comcast.net
To: jabadoodle-at-yahoo.com
To: nospinzone-at-rec.boats
To: taltmeyer-at-aol.com
To: asad-at-yankeemedia.n3t
To: skcusemans-at-eudoramail.com
To: nharwood-at-tampabay.rr.com
To: trash-at-thedump.com
To: williamcole-at-hotmail.com
To: macomras-at-aol.com
To: white-at-nsknospm.sympatico.ca
To: gould0738-at-aol.com
To: jameslwoodward-at-attbi.com
To: mm0928-at-charter.net
To: graham-at-luna-aromaticsremovethis.com
To: verbrugh-at-cableone.net
To: attorney-at-cybermesa.com
To: carver-at-cam.cornell.edu
To: bruce.limber-at-juno.com
To: trackrunner1500-at-hotmail.com
To: brettz9-at-yahoo.com
To: sb.gerstner-at-ntlworld.com
To: johnludgate-at-doe.asTo: cristinacoelho-at-epar.jazznet.pt
To: doug888-at-bellsouth.net
To: jim-at-clark.cys
To: skoconsult-at-aol.com
To: ksmith1-at-tpg.com.au
To: marbisins-at-tampabay.rr.com
To: cysusenet-at-worldnet.att.net
To: dkanter-at-frontiernet.net
To: bradnh-at-volcanomail.com
To: clarkt-at-region.halton.on.ca
To: res1g5v5-at-verizon.net
To: otnmbrd-at-earthlink.net
To: piperopiper-at-yahoo.com
To: aeronaut-at-flight.net
To: rec.boats.noah-at-earthlink.net
To: sailbad_d_sinner-at-hotmail.com
To: capt_jack-at-mindspring.com

....carry on.
noah

To email me, please remove the "FISH" from the net.

Wildest Dream

September 28th 03 09:24 AM

Virus Update- Is your name on the list?

I'am mad I didn't make the list but i'm getting these stupid E-mails.

"noah" wrote in message
...
I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

The list is not "all inclusive", meaning that you could still be
targeted even if your addy is not listed. I also know that some are
already invalid, or munged, but I am including the entire list that I
received. There are duplicates. I don't know why.

Be aware that this worm will not only target you, but will send virus
emails listing *you* as the sender. You may get irate mail, or
notices from your ISP, that you are sending virii, when you are not.
The smart ISP's filter for viruses. MANY (i.e. Earthlink), do not.

Also be aware that these addresses (your's and mine) can be
"re-harvested" from the worm, and used for other purposes, such as
sending SPAM, trojan viruses, and other nasty stuff. Your account may
also get hacked, as "they" now know the username, they only need to
hack the password.

I really dislike having to munge my address ("...FISH.net"), and it
get's my Irish up to surrender to these *ssholes, but some of you (me,
included) may wish to consider changing your email address, and
munging it. I'm still thinking about it. I will probably wait to see
if this situation "calms down". I am still receiving about 100
viruses a day, and earthlink bounces them after my account hits 10
megabyte.

I have edited this list, to change the "@" in the addresses to "-at-".
No sense in giving the SPAMbots any food.

Good luck:

To: cristinacoelho-at-epar.jazznet.pt
To: capt_jack-at-mindspring.com
To: sailbad_d_sinner-at-hotmail.com
To: rec.boats.noah-at-earthlink.net
To: aeronaut-at-flight.net
To: piperopiper-at-yahoo.com
To: otnmbrd-at-earthlink.net
To: res1g5v5-at-verizon.net
To: clarkt-at-region.halton.on.ca
To: bradnh-at-volcanomail.com
To: dkanter-at-frontiernet.net
To: cysusenet-at-worldnet.att.net
To: marbisins-at-tampabay.rr.com
To: ksmith1-at-tpg.com.au
To: skoconsult-at-aol.com
To: jim-at-clark.cys
To: doug888-at-bellsouth.net
To: nojunk_n3cvj-at-worldlynx.net
To: ahoy2u-at-aol.com
To: john.gaquin-at-verizon.net
To: j.mcd-at-ns.sympatico.ca
To: r.c.eriksson-at-att.net
To: thunder-at-gti.net
To: qwerty-at-lut.fi
To: dont-at-bother.com
To: kingy-at-capital.net
To: joe-at-privacy.net
To: l4foto-at-aol.com
To: cglocke-at-airmail.net
To: t.thomas-at-mchsi.com
To: gofig-at-mac.com
To: dcecchi-at-msn.com
To: lee-at-thebayguide.com
To: vigilance-at-justice.com
To: theseafox-at-aol.com
To: noyb-at-noyb.com
To: nomail-at-rogers.com
To: lejaynes-at-comcast.net
To: vxmnovxspa-3m*-at-altara.invalid
To: bowgus-at-rogers.com
To: gfretwell-at-aol.comgreg
To: etaoin_shrdlu-at-hotmail.com
To: read-at-sympatico.ca
To: me-at-hyperx.com
To: waynebatrecdotboats-at-hotmail.com
To: meh531-at-hotmail.com
To: jimdotedu-at-yahoo.com
To: vtv001-at-hotmail.com
To: noneofyourbusiness-at-aol.com
To: tonyjvan-at-comcast.net
To: jasonrnorth-at-bigfoot.com
To: markdeb.browne-at-comcast.net
To: jabadoodle-at-yahoo.com
To: nospinzone-at-rec.boats
To: taltmeyer-at-aol.com
To: asad-at-yankeemedia.n3t
To: skcusemans-at-eudoramail.com
To: nharwood-at-tampabay.rr.com
To: trash-at-thedump.com
To: williamcole-at-hotmail.com
To: macomras-at-aol.com
To: white-at-nsknospm.sympatico.ca
To: gould0738-at-aol.com
To: jameslwoodward-at-attbi.com
To: mm0928-at-charter.net
To: graham-at-luna-aromaticsremovethis.com
To: verbrugh-at-cableone.net
To: attorney-at-cybermesa.com
To: carver-at-cam.cornell.edu
To: bruce.limber-at-juno.com
To: trackrunner1500-at-hotmail.com
To: brettz9-at-yahoo.com
To: sb.gerstner-at-ntlworld.com
To: johnludgate-at-doe.asTo: cristinacoelho-at-epar.jazznet.pt
To: doug888-at-bellsouth.net
To: jim-at-clark.cys
To: skoconsult-at-aol.com
To: ksmith1-at-tpg.com.au
To: marbisins-at-tampabay.rr.com
To: cysusenet-at-worldnet.att.net
To: dkanter-at-frontiernet.net
To: bradnh-at-volcanomail.com
To: clarkt-at-region.halton.on.ca
To: res1g5v5-at-verizon.net
To: otnmbrd-at-earthlink.net
To: piperopiper-at-yahoo.com
To: aeronaut-at-flight.net
To: rec.boats.noah-at-earthlink.net
To: sailbad_d_sinner-at-hotmail.com
To: capt_jack-at-mindspring.com

...carry on.
noah

To email me, please remove the "FISH" from the net.

Harry Krause

September 28th 03 01:29 PM

Virus Update- Is your name on the list?

noah wrote:

I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

The list is not "all inclusive", meaning that you could still be
targeted even if your addy is not listed. I also know that some are
already invalid, or munged, but I am including the entire list that I
received. There are duplicates. I don't know why.

Be aware that this worm will not only target you, but will send virus
emails listing *you* as the sender. You may get irate mail, or
notices from your ISP, that you are sending virii, when you are not.
The smart ISP's filter for viruses. MANY (i.e. Earthlink), do not.

Also be aware that these addresses (your's and mine) can be
"re-harvested" from the worm, and used for other purposes, such as
sending SPAM, trojan viruses, and other nasty stuff. Your account may
also get hacked, as "they" now know the username, they only need to
hack the password.

I really dislike having to munge my address ("...FISH.net"), and it
get's my Irish up to surrender to these *ssholes, but some of you (me,
included) may wish to consider changing your email address, and
munging it. I'm still thinking about it. I will probably wait to see
if this situation "calms down". I am still receiving about 100
viruses a day, and earthlink bounces them after my account hits 10
megabyte.

I have edited this list, to change the "@" in the addresses to "-at-".
No sense in giving the SPAMbots any food.

Good luck:

To: cristinacoelho-at-epar.jazznet.pt
To: capt_jack-at-mindspring.com
To: sailbad_d_sinner-at-hotmail.com
To: rec.boats.noah-at-earthlink.net
To: aeronaut-at-flight.net
To: piperopiper-at-yahoo.com
To: otnmbrd-at-earthlink.net
To: res1g5v5-at-verizon.net
To: clarkt-at-region.halton.on.ca
To: bradnh-at-volcanomail.com
To: dkanter-at-frontiernet.net
To: cysusenet-at-worldnet.att.net
To: marbisins-at-tampabay.rr.com
To: ksmith1-at-tpg.com.au
To: skoconsult-at-aol.com
To: jim-at-clark.cys
To: doug888-at-bellsouth.net
To: nojunk_n3cvj-at-worldlynx.net
To: ahoy2u-at-aol.com
To: john.gaquin-at-verizon.net
To: j.mcd-at-ns.sympatico.ca
To: r.c.eriksson-at-att.net
To: thunder-at-gti.net
To: qwerty-at-lut.fi
To: dont-at-bother.com
To: kingy-at-capital.net
To: joe-at-privacy.net
To: l4foto-at-aol.com
To: cglocke-at-airmail.net
To: t.thomas-at-mchsi.com
To: gofig-at-mac.com
To: dcecchi-at-msn.com
To: lee-at-thebayguide.com
To: vigilance-at-justice.com
To: theseafox-at-aol.com
To: noyb-at-noyb.com
To: nomail-at-rogers.com
To: lejaynes-at-comcast.net
To: vxmnovxspa-3m*-at-altara.invalid
To: bowgus-at-rogers.com
To: gfretwell-at-aol.comgreg
To: etaoin_shrdlu-at-hotmail.com
To: read-at-sympatico.ca
To: me-at-hyperx.com
To: waynebatrecdotboats-at-hotmail.com
To: meh531-at-hotmail.com
To: jimdotedu-at-yahoo.com
To: vtv001-at-hotmail.com
To: noneofyourbusiness-at-aol.com
To: tonyjvan-at-comcast.net
To: jasonrnorth-at-bigfoot.com
To: markdeb.browne-at-comcast.net
To: jabadoodle-at-yahoo.com
To: nospinzone-at-rec.boats
To: taltmeyer-at-aol.com
To: asad-at-yankeemedia.n3t
To: skcusemans-at-eudoramail.com
To: nharwood-at-tampabay.rr.com
To: trash-at-thedump.com
To: williamcole-at-hotmail.com
To: macomras-at-aol.com
To: white-at-nsknospm.sympatico.ca
To: gould0738-at-aol.com
To: jameslwoodward-at-attbi.com
To: mm0928-at-charter.net
To: graham-at-luna-aromaticsremovethis.com
To: verbrugh-at-cableone.net
To: attorney-at-cybermesa.com
To: carver-at-cam.cornell.edu
To: bruce.limber-at-juno.com
To: trackrunner1500-at-hotmail.com
To: brettz9-at-yahoo.com
To: sb.gerstner-at-ntlworld.com
To: johnludgate-at-doe.asTo: cristinacoelho-at-epar.jazznet.pt
To: doug888-at-bellsouth.net
To: jim-at-clark.cys
To: skoconsult-at-aol.com
To: ksmith1-at-tpg.com.au
To: marbisins-at-tampabay.rr.com
To: cysusenet-at-worldnet.att.net
To: dkanter-at-frontiernet.net
To: bradnh-at-volcanomail.com
To: clarkt-at-region.halton.on.ca
To: res1g5v5-at-verizon.net
To: otnmbrd-at-earthlink.net
To: piperopiper-at-yahoo.com
To: aeronaut-at-flight.net
To: rec.boats.noah-at-earthlink.net
To: sailbad_d_sinner-at-hotmail.com
To: capt_jack-at-mindspring.com

...carry on.
noah

To email me, please remove the "FISH" from the net.

Thanks for the heads-up, and further proof that you *need* to be using a
virus scanner and other tools to check out your email before you open it.

--
* * *
email sent to will *never* get to me.

Doug Kanter

September 28th 03 01:41 PM

Virus Update- Is your name on the list?

Noah:
For newsgroup use, I've switched to using a throwaway hotmail address. But,
the damage is already done to the Frontier address. I'm getting over 4mb of
junk mail each day. Someone in one of the Microsoft newsgroups suggested
that I take a look at a program called K9, at this site:
http://keir.net/

It's not a turnkey solution, but something which requires thinking on the
part of the user. What it does is identify what it believes is spam. For the
first day or two, it'll make a few errors, but that doesn't matter, since it
doesn't delete the spam. It marks the message's subject line with a phrase
which you can select. It then passes the message through to your normal
email program. This makes it a breeze to create a mail rule based on that
word. The default is [spam], but it could be [aunt beatrice] or anything
else. Besides making rules easier to create, it obviously makes sorting a
breeze. And, if it mistakenly marks something as spam, it's easy to "teach"
the program.

I have 4 email accounts, but only my Frontier account is being crippled by
the number of virus-laden emails it's getting. I receive little or no real
mail there anyway, so I've told OE to stop checking it. Then, I use another
feature of K9 called "server check". It goes to your email server and
downloads just the subject headers. It marks them according to whatever
word(s) you've chosen. If they're obviously bad mail, you can select just
those and delete them from the server, leaving only the good ones. Then,
your email client can be manually told to grab messages from that account.

The program's got a few rough edges, but all in all, it works nicely. It's
free, and there are a few MVPs in the newsgroups below who understand it
enough to be helpful.

microsoft.public.windows.inetexplorer.ie6_outlooke xpress
microsoft.public.win98.gen_discussion

Doug

noah	September 28th 03 03:42 PM

Virus Update- Is your name on the list?

On Sun, 28 Sep 2003 12:41:40 GMT, "Doug Kanter"
wrote:

Noah:
For newsgroup use, I've switched to using a throwaway hotmail address. But,
the damage is already done to the Frontier address. I'm getting over 4mb of
junk mail each day. Someone in one of the Microsoft newsgroups suggested
that I take a look at a program called K9, at this site:
http://keir.net/

It's not a turnkey solution, but something which requires thinking on the
part of the user. What it does is identify what it believes is spam. For the
first day or two, it'll make a few errors, but that doesn't matter, since it
doesn't delete the spam. It marks the message's subject line with a phrase
which you can select. It then passes the message through to your normal
email program. This makes it a breeze to create a mail rule based on that
word. The default is [spam], but it could be [aunt beatrice] or anything
else. Besides making rules easier to create, it obviously makes sorting a
breeze. And, if it mistakenly marks something as spam, it's easy to "teach"
the program.

I have 4 email accounts, but only my Frontier account is being crippled by
the number of virus-laden emails it's getting. I receive little or no real
mail there anyway, so I've told OE to stop checking it. Then, I use another
feature of K9 called "server check". It goes to your email server and
downloads just the subject headers. It marks them according to whatever
word(s) you've chosen. If they're obviously bad mail, you can select just
those and delete them from the server, leaving only the good ones. Then,
your email client can be manually told to grab messages from that account.

The program's got a few rough edges, but all in all, it works nicely. It's
free, and there are a few MVPs in the newsgroups below who understand it
enough to be helpful.

microsoft.public.windows.inetexplorer.ie6_outlook express
microsoft.public.win98.gen_discussion

Doug

Thanks for the info, Doug. I'll give it a look-see.
....carry on.
noah

To email me, please remove the "FISH" from the net.

noah	September 28th 03 03:46 PM

Virus Update- Is your name on the list?

On Sun, 28 Sep 2003 08:24:30 GMT, "Wildest Dream"
wrote:

I'am mad I didn't make the list but i'm getting these stupid E-mails.

LOL! Don't be too mad, you're definitely on a list, just not the one
from Portugal. There can be as many "lists" as there are infected
computers.
....carry on.
noah

To email me, please remove the "FISH" from the net.

Stig Arne Bye

September 28th 03 04:49 PM

Virus Update- Is your name on the list?

noah wrote:

snip

I really dislike having to munge my address ("...FISH.net"), and it
get's my Irish up to surrender to these *ssholes, but some of you (me,
included) may wish to consider changing your email address, and
munging it. I'm still thinking about it. I will probably wait to see
if this situation "calms down". I am still receiving about 100
viruses a day, and earthlink bounces them after my account hits 10
megabyte.

I have so far received 2,337 e-mail infected with W32.Swen.A@mm (a.k.a.
Worm.Automat.AHB) since 19th of September. No mail has so far been
bounced as I have 50 MB total POP-account quota at my local ISP and
download e-mail and thus empty the POP-account several times each day.

After the infected attachment has been removed by Norton AntiVirus (TM),
the remainder (the mail header) is moved to a spesial file. By using
these headers, I can then make a graphic chart (by using a small program
I have made myself) showing how many infected e-mail that has been
received each day, as you can from the following:

E-mail infected by W32.Swen.A@mm (Worm.Automat.AHB)
================================================== =

Total count: 2337

YYYY.MM.DD 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000
---------- ----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
2003.09.19 #########| | | | | | | | | |
2003.09.20 ############################################### | | | | | |
2003.09.21 #######################################| | | | | | |
2003.09.22 ################################## | | | | | | |
2003.09.23 ############################################## | | | | | |
2003.09.24 ######################### | | | | | | | |
2003.09.25 ################# | | | | | | | | |
2003.09.26 ###### | | | | | | | | | |
2003.09.27 #########| | | | | | | | | |
2003.09.28 * ####### | | | | | | | | | |
----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000

* Not accomplished (count updated as per 28.09.2003 at 13:58).

Stig Arne Bye

E-mail ......:
Contact .....: AOL IM: VT480TFE / MSN: / ICQ: 403349
Snail-Mail ..: P.O.Box 169, NO-9915 Kirkenes, Norway
Homepage ....: http://home.online.no/~stigbye/index.html
------------------------------------------------------------------------
Located just about 70°N 30°E - Almost at the top of the world!

noah	September 28th 03 09:51 PM

Virus Update- Is your name on the list?

On Sun, 28 Sep 2003 17:49:20 +0200, Stig Arne Bye
wrote:

I have so far received 2,337 e-mail infected with W32.Swen.A@mm (a.k.a.
Worm.Automat.AHB) since 19th of September. No mail has so far been
bounced as I have 50 MB total POP-account quota at my local ISP and
download e-mail and thus empty the POP-account several times each day.

After the infected attachment has been removed by Norton AntiVirus (TM),
the remainder (the mail header) is moved to a spesial file. By using
these headers, I can then make a graphic chart (by using a small program
I have made myself) showing how many infected e-mail that has been
received each day, as you can from the following:

E-mail infected by W32.Swen.A@mm (Worm.Automat.AHB)
================================================= ==

Total count: 2337

YYYY.MM.DD 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000
---------- ----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
2003.09.19 #########| | | | | | | | | |
2003.09.20 ############################################### | | | | | |
2003.09.21 #######################################| | | | | | |
2003.09.22 ################################## | | | | | | |
2003.09.23 ############################################## | | | | | |
2003.09.24 ######################### | | | | | | | |
2003.09.25 ################# | | | | | | | | |
2003.09.26 ###### | | | | | | | | | |
2003.09.27 #########| | | | | | | | | |
2003.09.28 * ####### | | | | | | | | | |
----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000

* Not accomplished (count updated as per 28.09.2003 at 13:58).

Stig Arne Bye

E-mail ......:
Contact .....: AOL IM: VT480TFE / MSN: / ICQ: 403349
Snail-Mail ..: P.O.Box 169, NO-9915 Kirkenes, Norway
Homepage ....: http://home.online.no/~stigbye/index.html
------------------------------------------------------------------------
Located just about 70°N 30°E - Almost at the top of the world!

Stig, your graph is interesting. I know that I have received
"thousands" as well, but have not been counting. Hopefully, your
graph indicates a "slowdown".

Greetings to Kirkenes, Norway from Albany, New York, USA.
....carry on.
noah

To email me, please remove the "FISH" from the net.

Dan Krueger

September 28th 03 10:58 PM

Virus Update- Is your name on the list?

Noah,

The problem with your theory is that you, like me, have a 10MB limit. I've been
getting 100 per day and I would suspect that if we had 50MB available, like
Stig, we would see more.

I'm using the Earthlink Spam Blocker, Netscape 7.X junk filter, and Mc Afee
Online Anti Virus. Even though I am blocking more and more email addresses
every day, new ones keep coming in. Mc Afee only catches a few and those don't
even have the "Swen" virus.

What I am getting are returned emails that I never sent and the MS patches. I
guess there is no way to block the returned emails since they aren't originating
from my computer.

In order to allow "real" email in, I have been cleaning my inbox from the office
through Earthlink Webmail. What a huge waste of time that is.

Good luck,
Dan

noah wrote:
On Sun, 28 Sep 2003 17:49:20 +0200, Stig Arne Bye
wrote:

I have so far received 2,337 e-mail infected with W32.Swen.A@mm (a.k.a.
Worm.Automat.AHB) since 19th of September. No mail has so far been
bounced as I have 50 MB total POP-account quota at my local ISP and
download e-mail and thus empty the POP-account several times each day.

After the infected attachment has been removed by Norton AntiVirus (TM),
the remainder (the mail header) is moved to a spesial file. By using
these headers, I can then make a graphic chart (by using a small program
I have made myself) showing how many infected e-mail that has been
received each day, as you can from the following:

E-mail infected by W32.Swen.A@mm (Worm.Automat.AHB)
================================================ ===

Total count: 2337

YYYY.MM.DD 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000
---------- ----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
2003.09.19 #########| | | | | | | | | |
2003.09.20 ############################################### | | | | | |
2003.09.21 #######################################| | | | | | |
2003.09.22 ################################## | | | | | | |
2003.09.23 ############################################## | | | | | |
2003.09.24 ######################### | | | | | | | |
2003.09.25 ################# | | | | | | | | |
2003.09.26 ###### | | | | | | | | | |
2003.09.27 #########| | | | | | | | | |
2003.09.28 * ####### | | | | | | | | | |
----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000

* Not accomplished (count updated as per 28.09.2003 at 13:58).

Stig Arne Bye

E-mail ......:
Contact .....: AOL IM: VT480TFE / MSN: / ICQ: 403349
Snail-Mail ..: P.O.Box 169, NO-9915 Kirkenes, Norway
Homepage ....: http://home.online.no/~stigbye/index.html
------------------------------------------------------------------------
Located just about 70°N 30°E - Almost at the top of the world!

Stig, your graph is interesting. I know that I have received
"thousands" as well, but have not been counting. Hopefully, your
graph indicates a "slowdown".

Greetings to Kirkenes, Norway from Albany, New York, USA.
...carry on.
noah

To email me, please remove the "FISH" from the net.

Mark Browne

September 29th 03 12:10 AM

Virus Update- Is your name on the list?

The comcast folks are cleaning the stuff as it enters thier server farms.
This means that I am getting 2k per message, not 150K per message.
The current virus-of-the-week does have well defined subject strings. You
can get a list of them from the analysis on the SARC site. Put them in your
blocking rules and forget about it.

Mark Browne -- Can learn from Noah.
Remove the FISH form the net to email me directly.

"Dan Krueger" wrote in message
link.net...
Noah,

The problem with your theory is that you, like me, have a 10MB limit.
I've been
getting 100 per day and I would suspect that if we had 50MB available,
like
Stig, we would see more.

I'm using the Earthlink Spam Blocker, Netscape 7.X junk filter, and Mc
Afee
Online Anti Virus. Even though I am blocking more and more email
addresses
every day, new ones keep coming in. Mc Afee only catches a few and those
don't
even have the "Swen" virus.

What I am getting are returned emails that I never sent and the MS
patches. I
guess there is no way to block the returned emails since they aren't
originating
from my computer.

In order to allow "real" email in, I have been cleaning my inbox from the
office
through Earthlink Webmail. What a huge waste of time that is.

Good luck,
Dan

snip

Larry

September 29th 03 06:55 PM

Virus Update- Is your name on the list?

On 27 Sep 2003 19:46:34 -0500, noah wrote:

I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

....snip

I'm a newbie here, but not having seen mention of them, you folks should be
aware of a few programs which will help. Pop3ScanMail and MailWasher will
allow you to delete these on your server without first having to download
them. I use MailWasher Pro which allows blacklisting, whitelisting and
filters to help you automate these tasks. I'm using a filter for Swen
which is about 99% effective. Saves a LOT of time.
--

Larry
email is rapp at lmr dot com

Doug Kanter

September 29th 03 07:13 PM

Virus Update- Is your name on the list?

The SWEN-laden messages I'm getting have so far come from 218 different
addresses. How does Mailwasher deal with this? Seems to complicated for a
blacklisting scheme.

"Larry" wrote in message
...
On 27 Sep 2003 19:46:34 -0500, noah wrote:

I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

...snip

I'm a newbie here, but not having seen mention of them, you folks should
be
aware of a few programs which will help. Pop3ScanMail and MailWasher will
allow you to delete these on your server without first having to download
them. I use MailWasher Pro which allows blacklisting, whitelisting and
filters to help you automate these tasks. I'm using a filter for Swen
which is about 99% effective. Saves a LOT of time.
--

Larry
email is rapp at lmr dot com

Peggie Hall

September 29th 03 07:38 PM

Virus Update- Is your name on the list?

Larry wrote:
I'm a newbie here, but not having seen mention of them, you folks should be
aware of a few programs which will help. Pop3ScanMail and MailWasher will
allow you to delete these on your server without first having to download
them. I use MailWasher Pro which allows blacklisting, whitelisting and
filters to help you automate these tasks. I'm using a filter for Swen
which is about 99% effective. Saves a LOT of time.

I've been using the freeware version of Mailwasher for nearly a
year...just leave it running in the background all the time. Someone on
a sailnet list I'm on put me onto it, and it's cut the amount of spam I
ever actually see down from over 100/day to less than 5. It also deletes
mail--and also bounces anything blacklisted back to the spammer as
undeliverable mail directly from my ISP's mail server. It takes a little
tweaking about once a week to keep the blacklist up to date, but I love
it! Also has filters that allow me to screen and delete before
downloading any posts that don't interest me on the e-mail lists I'm on.
Once in a while it's a little overprotective and bounces a legitmate
email--for instance, I've included a wildcard expression on the
blacklist to delete any mail with *free* in the return address, so it
thought an email from a friend who's last name is Freeman was spam and
bounced it. But when I found out, all it took to fix it was adding his
email address to the "friends" list.

Fwiw, just munging an email address slightly (i.e.
@msndotREMOVE THIS.com...or tomATaol.com
etc) won't defeat spammers' harvesting software...they have other
software that cleans it up. That's why I use clue in
it as to my real address. It was working here...I wasn't getting any
spam till I made the mistake of joining a game site called jackpot.com
that ignores opt out requests and has software that knows how to collect
the address from everyone that even closes popups. Within 24 hours after
joining, my spam went from -0- to 50 to over 100 a day and increasing daily.

Check out mailwasher...I think you'll like it. It's at
http://www.mailwasher.net

Peggie
----------
Peggie Hall
Specializing in marine sanitation since 1987
Author "Get Rid of Boat Odors - A Guide To Marine Sanitation Systems and
Other Sources of Aggravation and Odor"
http://www.seaworthy.com/html/get_ri...oat_odors.html

Peggie Hall

September 29th 03 07:48 PM

Virus Update- Is your name on the list?

Doug Kanter wrote:
The SWEN-laden messages I'm getting have so far come from 218 different
addresses. How does Mailwasher deal with this? Seems to complicated for a
blacklisting scheme.

Find the identical element in the return address or subject line, add it
to the blacklist as a "wildcard" expression. Then mailwasher knows to
automatically delete and bounce all mail that has that element in it.

In the options, you can also choose for it to automatically delete and
bounce anything on the Spamcop, ORDB and VISI spam lists. It then adds
those email addresses to your blacklist...you can go in and edit that to
create wildcards.

For instance...there's a spammer who seems to like to use names of
metals in his return etc. So
I've created wildcards to bounce anything from from
(the asterisks represent 0-any characters).
Haven't actually seen another one from that source since I figured it out.

It sounds a lot more complicated than it is.

Peggie
----------
Peggie Hall
Specializing in marine sanitation since 1987
Author "Get Rid of Boat Odors - A Guide To Marine Sanitation Systems and
Other Sources of Aggravation and Odor"
http://www.seaworthy.com/html/get_ri...oat_odors.html

Larry

September 29th 03 09:16 PM

Virus Update- Is your name on the list?

On Mon, 29 Sep 2003 18:13:52 GMT, Doug Kanter wrote:

The SWEN-laden messages I'm getting have so far come from 218 different
addresses. How does Mailwasher deal with this? Seems to complicated for a
blacklisting scheme.

Actually, it is done using regex expressions, it doesn't rely on from
addresses at all. In MailWasher you set a filter to follow two rules:

The entire header contains RegExp Content-Type:
multipart/(mixed|alternative)

and

The entire header contains RegExp boundary\="([a-z][a-z]*)"

Try it.

I got that from a post by Ralph Fox. He uses this filter in Agent:

Content-Type: =%{multipart/(mixed|alternative); boundary="[a-z][a-z]*"}

which also works well.

"Larry" wrote in message
...
On 27 Sep 2003 19:46:34 -0500, noah wrote:

I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

...snip

I'm a newbie here, but not having seen mention of them, you folks should
be
aware of a few programs which will help. Pop3ScanMail and MailWasher will
allow you to delete these on your server without first having to download
them. I use MailWasher Pro which allows blacklisting, whitelisting and
filters to help you automate these tasks. I'm using a filter for Swen
which is about 99% effective. Saves a LOT of time.
--

Larry
email is rapp at lmr dot com

--
--

Larry
email is rapp at lmr dot com

Peggie Hall

September 29th 03 10:15 PM

Virus Update- Is your name on the list?

Larry wrote:
Actually, it is done using regex expressions, it doesn't rely on from
addresses at all. In MailWasher you set a filter to follow two rules:

The entire header contains RegExp Content-Type:
multipart/(mixed|alternative)

and

The entire header contains RegExp boundary\="([a-z][a-z]*)"

Try it.

Would you mind explaining that to me in English? :) 'Cuz from your
example, it appears to me that would filter out everything. And why
would you use a filter instead of a wildcard on the blacklist?

If you want to move the lesson to email, my address is
.

Peggie
----------
Peggie Hall
Specializing in marine sanitation since 1987
Author "Get Rid of Boat Odors - A Guide To Marine Sanitation Systems and
Other Sources of Aggravation and Odor"
http://www.seaworthy.com/html/get_ri...oat_odors.html

noah	September 30th 03 02:51 AM

Virus Update- Is your name on the list?

On Sun, 28 Sep 2003 21:58:58 GMT, Dan Krueger
wrote:

Noah,

The problem with your theory is that you, like me, have a 10MB limit. I've been
getting 100 per day and I would suspect that if we had 50MB available, like
Stig, we would see more.

I'm using the Earthlink Spam Blocker, Netscape 7.X junk filter, and Mc Afee
Online Anti Virus. Even though I am blocking more and more email addresses
every day, new ones keep coming in. Mc Afee only catches a few and those don't
even have the "Swen" virus.

What I am getting are returned emails that I never sent and the MS patches. I
guess there is no way to block the returned emails since they aren't originating
from my computer.

In order to allow "real" email in, I have been cleaning my inbox from the office
through Earthlink Webmail. What a huge waste of time that is.

Good luck,
Dan

LOL! I don't have any theory Dan, I'm just bailing with the best of
'em!

This is a fairly sophisticated virus, in that it rips addy's from
newsgroups, address books, and "community boards". It also "fakes"
returned mail, in the expectation that you will open it.

It IS a huge waste of time, and if they ever catch the little
blighter, I hope they keel haul 'im! :o)

....carry on.
noah

To email me, please remove the "FISH" from the net.

noah	September 30th 03 03:14 AM

Virus Update- Is your name on the list?

On Mon, 29 Sep 2003 20:16:54 GMT, Larry wrote:

On Mon, 29 Sep 2003 18:13:52 GMT, Doug Kanter wrote:

The SWEN-laden messages I'm getting have so far come from 218 different
addresses. How does Mailwasher deal with this? Seems to complicated for a
blacklisting scheme.

Actually, it is done using regex expressions, it doesn't rely on from
addresses at all. In MailWasher you set a filter to follow two rules:

The entire header contains RegExp Content-Type:
multipart/(mixed|alternative)

and

The entire header contains RegExp boundary\="([a-z][a-z]*)"

Try it.

I got that from a post by Ralph Fox. He uses this filter in Agent:

Content-Type: =%{multipart/(mixed|alternative); boundary="[a-z][a-z]*"}

which also works well.

"Larry" wrote in message
...
On 27 Sep 2003 19:46:34 -0500, noah wrote:

I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

...snip

I'm a newbie here, but not having seen mention of them, you folks should
be
aware of a few programs which will help. Pop3ScanMail and MailWasher will
allow you to delete these on your server without first having to download
them. I use MailWasher Pro which allows blacklisting, whitelisting and
filters to help you automate these tasks. I'm using a filter for Swen
which is about 99% effective. Saves a LOT of time.
--

Larry
email is rapp at lmr dot com

--
Larry- Thanks for this, I use Agent. I'll still need to visit the ISP
to dump the Viro-mail tho'.
....carry on.
noah

To email me, please remove the "FISH" from the net.

Larry

October 1st 03 01:40 AM

Virus Update- Is your name on the list?

On Mon, 29 Sep 2003 21:15:14 GMT, Peggie Hall wrote:

Larry wrote:
Actually, it is done using regex expressions, it doesn't rely on from
addresses at all. In MailWasher you set a filter to follow two rules:

The entire header contains RegExp Content-Type:
multipart/(mixed|alternative)

and

The entire header contains RegExp boundary\="([a-z][a-z]*)"

Try it.

Would you mind explaining that to me in English? :) 'Cuz from your
example, it appears to me that would filter out everything. And why
would you use a filter instead of a wildcard on the blacklist?

If you want to move the lesson to email, my address is
.

Peggie
----------
Peggie Hall
Specializing in marine sanitation since 1987
Author "Get Rid of Boat Odors - A Guide To Marine Sanitation Systems and
Other Sources of Aggravation and Odor"
http://www.seaworthy.com/html/get_ri...oat_odors.html

Hi Peggie,

Well, if you've tried it, you know that it won't filter everything. In
fact, it only filters Swen. Unfortunately, it doesn't work on all of them,
but here it gets about 98%. The reason I use a filter rather than a
blacklist is that this thing is temporary (at least I hope it is) and it is
constantly changing. You can have the filter add the address to the
blacklist if you like, but I doubt it will help much.

As for how it works, first I have to say that it isn't my work - I learned
of it from Ralph Fox on alt.usenet.offline-reader.forte-agent. Basically,
what he (or someone else) did was to note that all of the Swen posts were
coded as having a content type of either multipart/alternative or
multipart/mixed. The second thing is that their boundary is always
specified as multi-character string of two or more characters. The two
regex expressions in the filters - Note: you must couple the two rules with
an "and" - handles this.

Hope this helps. If not, ask away.

--

Larry
email is rapp at lmr dot com

Peggie Hall

October 1st 03 02:24 AM

Virus Update- Is your name on the list?

Hmmm...methinks you may be doing it the hard way.

I got the same virus email...sender's address was @ms.com. That's not a
legitimate address for anyone who'd be sending me mail...and, it's on
the SpamCop list...AND--Microsoft doesn't send emails unless you've
subscribed to their update alerts. So, I blacklisted *ms.com and haven't
seen a one since then. No need to filter the subject line or
anything...ALL mail from any sender using an @ms.com address is
automatically deleted and bounced back as undeliverable to my address.

I suspect you rely much more on filters than on the blacklist....I did
too when I first installed Mailwasher...till I figured out how to use
the blacklist. Once I figured it out--which was about a year ago--I
deleted almost all the filters...only have 4 left, and they only mark
for delete, nothing else. Everything else goes on the blacklist, 99% of
which is wildcard expressions. Mailwasher purges any that haven't been
used in a preset number of days...the default is 200 days...I reduced it
to 90, figuring that's about as a long as spammers and virus propagators
ever use the same one. About once a week I go into it and edit
spammers' email addresses to wildcards...and so far, it's working...I'm
only actually seeing about 5 emails a day that aren't legitimate, and I
get to blacklist those.

So if you haven't, you might spend some time exploring how the blacklist
actually works--how to turn email addresses into wildcard expressions.
'Cuz they really cut down on the number of filters needed. In fact, the
only thing I use filters for is to screen the headers on the email lists
I'm subscribed to, so I only downoad the topics I want to participate
in. The rest, I just leave marked for delete--not blacklisted, not
bounced...just deleted off the server.

Peggie
----------
Peggie Hall
Specializing in marine sanitation since 1987
Author "Get Rid of Boat Odors - A Guide To Marine Sanitation Systems and
Other Sources of Aggravation and Odor"
http://shop.sailboatowners.com/detai...=400&group=327

http://www.seaworthy.com/html/get_ri...oat_odors.html

Bill	October 1st 03 10:47 PM

Virus Update- Is your name on the list?

So THAT's where they're coming from. My email is not on the list but
I have received 200+ virus laden emails since I posted a question last
week.
I have since altered my email address but I am afraid the damage is
done. Oh well, maybe they will eventually get tired of it.

Thanks for the heads up!!

Bill
On 27 Sep 2003 19:46:34 -0500, noah
wrote:

I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

The list is not "all inclusive", meaning that you could still be
targeted even if your addy is not listed. I also know that some are
already invalid, or munged, but I am including the entire list that I
received. There are duplicates. I don't know why.

Be aware that this worm will not only target you, but will send virus
emails listing *you* as the sender. You may get irate mail, or
notices from your ISP, that you are sending virii, when you are not.
The smart ISP's filter for viruses. MANY (i.e. Earthlink), do not.

Also be aware that these addresses (your's and mine) can be
"re-harvested" from the worm, and used for other purposes, such as
sending SPAM, trojan viruses, and other nasty stuff. Your account may
also get hacked, as "they" now know the username, they only need to
hack the password.

I really dislike having to munge my address ("...FISH.net"), and it
get's my Irish up to surrender to these *ssholes, but some of you (me,
included) may wish to consider changing your email address, and
munging it. I'm still thinking about it. I will probably wait to see
if this situation "calms down". I am still receiving about 100
viruses a day, and earthlink bounces them after my account hits 10
megabyte.

I have edited this list, to change the "@" in the addresses to "-at-".
No sense in giving the SPAMbots any food.

Good luck:

To: cristinacoelho-at-epar.jazznet.pt
To: capt_jack-at-mindspring.com
To: sailbad_d_sinner-at-hotmail.com
To: rec.boats.noah-at-earthlink.net
To: aeronaut-at-flight.net
To: piperopiper-at-yahoo.com
To: otnmbrd-at-earthlink.net
To: res1g5v5-at-verizon.net
To: clarkt-at-region.halton.on.ca
To: bradnh-at-volcanomail.com
To: dkanter-at-frontiernet.net
To: cysusenet-at-worldnet.att.net
To: marbisins-at-tampabay.rr.com
To: ksmith1-at-tpg.com.au
To: skoconsult-at-aol.com
To: jim-at-clark.cys
To: doug888-at-bellsouth.net
To: nojunk_n3cvj-at-worldlynx.net
To: ahoy2u-at-aol.com
To: john.gaquin-at-verizon.net
To: j.mcd-at-ns.sympatico.ca
To: r.c.eriksson-at-att.net
To: thunder-at-gti.net
To: qwerty-at-lut.fi
To: dont-at-bother.com
To: kingy-at-capital.net
To: joe-at-privacy.net
To: l4foto-at-aol.com
To: cglocke-at-airmail.net
To: t.thomas-at-mchsi.com
To: gofig-at-mac.com
To: dcecchi-at-msn.com
To: lee-at-thebayguide.com
To: vigilance-at-justice.com
To: theseafox-at-aol.com
To: noyb-at-noyb.com
To: nomail-at-rogers.com
To: lejaynes-at-comcast.net
To: vxmnovxspa-3m*-at-altara.invalid
To: bowgus-at-rogers.com
To: gfretwell-at-aol.comgreg
To: etaoin_shrdlu-at-hotmail.com
To: read-at-sympatico.ca
To: me-at-hyperx.com
To: waynebatrecdotboats-at-hotmail.com
To: meh531-at-hotmail.com
To: jimdotedu-at-yahoo.com
To: vtv001-at-hotmail.com
To: noneofyourbusiness-at-aol.com
To: tonyjvan-at-comcast.net
To: jasonrnorth-at-bigfoot.com
To: markdeb.browne-at-comcast.net
To: jabadoodle-at-yahoo.com
To: nospinzone-at-rec.boats
To: taltmeyer-at-aol.com
To: asad-at-yankeemedia.n3t
To: skcusemans-at-eudoramail.com
To: nharwood-at-tampabay.rr.com
To: trash-at-thedump.com
To: williamcole-at-hotmail.com
To: macomras-at-aol.com
To: white-at-nsknospm.sympatico.ca
To: gould0738-at-aol.com
To: jameslwoodward-at-attbi.com
To: mm0928-at-charter.net
To: graham-at-luna-aromaticsremovethis.com
To: verbrugh-at-cableone.net
To: attorney-at-cybermesa.com
To: carver-at-cam.cornell.edu
To: bruce.limber-at-juno.com
To: trackrunner1500-at-hotmail.com
To: brettz9-at-yahoo.com
To: sb.gerstner-at-ntlworld.com
To: johnludgate-at-doe.asTo: cristinacoelho-at-epar.jazznet.pt
To: doug888-at-bellsouth.net
To: jim-at-clark.cys
To: skoconsult-at-aol.com
To: ksmith1-at-tpg.com.au
To: marbisins-at-tampabay.rr.com
To: cysusenet-at-worldnet.att.net
To: dkanter-at-frontiernet.net
To: bradnh-at-volcanomail.com
To: clarkt-at-region.halton.on.ca
To: res1g5v5-at-verizon.net
To: otnmbrd-at-earthlink.net
To: piperopiper-at-yahoo.com
To: aeronaut-at-flight.net
To: rec.boats.noah-at-earthlink.net
To: sailbad_d_sinner-at-hotmail.com
To: capt_jack-at-mindspring.com

...carry on.
noah

To email me, please remove the "FISH" from the net.

Dan Krueger

October 2nd 03 02:14 AM

Virus Update- Is your name on the list?

"they" will get tired of it? It's a virus! There isn't some dumbass 16 year
old sending those one at a time. That's the problem.

Dan

Bill wrote:
So THAT's where they're coming from. My email is not on the list but
I have received 200+ virus laden emails since I posted a question last
week.
I have since altered my email address but I am afraid the damage is
done. Oh well, maybe they will eventually get tired of it.

Thanks for the heads up!!

Bill
On 27 Sep 2003 19:46:34 -0500, noah
wrote:

I received a message today, in Portuguese no less, listing my email
address, and a number of others in this group, as having been
harvested by the W32/swenn@mm worm.

The list is not "all inclusive", meaning that you could still be
targeted even if your addy is not listed. I also know that some are
already invalid, or munged, but I am including the entire list that I
received. There are duplicates. I don't know why.

Be aware that this worm will not only target you, but will send virus
emails listing *you* as the sender. You may get irate mail, or
notices from your ISP, that you are sending virii, when you are not.
The smart ISP's filter for viruses. MANY (i.e. Earthlink), do not.

Also be aware that these addresses (your's and mine) can be
"re-harvested" from the worm, and used for other purposes, such as
sending SPAM, trojan viruses, and other nasty stuff. Your account may
also get hacked, as "they" now know the username, they only need to
hack the password.

I really dislike having to munge my address ("...FISH.net"), and it
get's my Irish up to surrender to these *ssholes, but some of you (me,
included) may wish to consider changing your email address, and
munging it. I'm still thinking about it. I will probably wait to see
if this situation "calms down". I am still receiving about 100
viruses a day, and earthlink bounces them after my account hits 10
megabyte.

I have edited this list, to change the "@" in the addresses to "-at-".
No sense in giving the SPAMbots any food.

Good luck:

To: cristinacoelho-at-epar.jazznet.pt
To: capt_jack-at-mindspring.com
To: sailbad_d_sinner-at-hotmail.com
To: rec.boats.noah-at-earthlink.net
To: aeronaut-at-flight.net
To: piperopiper-at-yahoo.com
To: otnmbrd-at-earthlink.net
To: res1g5v5-at-verizon.net
To: clarkt-at-region.halton.on.ca
To: bradnh-at-volcanomail.com
To: dkanter-at-frontiernet.net
To: cysusenet-at-worldnet.att.net
To: marbisins-at-tampabay.rr.com
To: ksmith1-at-tpg.com.au
To: skoconsult-at-aol.com
To: jim-at-clark.cys
To: doug888-at-bellsouth.net
To: nojunk_n3cvj-at-worldlynx.net
To: ahoy2u-at-aol.com
To: john.gaquin-at-verizon.net
To: j.mcd-at-ns.sympatico.ca
To: r.c.eriksson-at-att.net
To: thunder-at-gti.net
To: qwerty-at-lut.fi
To: dont-at-bother.com
To: kingy-at-capital.net
To: joe-at-privacy.net
To: l4foto-at-aol.com
To: cglocke-at-airmail.net
To: t.thomas-at-mchsi.com
To: gofig-at-mac.com
To: dcecchi-at-msn.com
To: lee-at-thebayguide.com
To: vigilance-at-justice.com
To: theseafox-at-aol.com
To: noyb-at-noyb.com
To: nomail-at-rogers.com
To: lejaynes-at-comcast.net
To: vxmnovxspa-3m*-at-altara.invalid
To: bowgus-at-rogers.com
To: gfretwell-at-aol.comgreg
To: etaoin_shrdlu-at-hotmail.com
To: read-at-sympatico.ca
To: me-at-hyperx.com
To: waynebatrecdotboats-at-hotmail.com
To: meh531-at-hotmail.com
To: jimdotedu-at-yahoo.com
To: vtv001-at-hotmail.com
To: noneofyourbusiness-at-aol.com
To: tonyjvan-at-comcast.net
To: jasonrnorth-at-bigfoot.com
To: markdeb.browne-at-comcast.net
To: jabadoodle-at-yahoo.com
To: nospinzone-at-rec.boats
To: taltmeyer-at-aol.com
To: asad-at-yankeemedia.n3t
To: skcusemans-at-eudoramail.com
To: nharwood-at-tampabay.rr.com
To: trash-at-thedump.com
To: williamcole-at-hotmail.com
To: macomras-at-aol.com
To: white-at-nsknospm.sympatico.ca
To: gould0738-at-aol.com
To: jameslwoodward-at-attbi.com
To: mm0928-at-charter.net
To: graham-at-luna-aromaticsremovethis.com
To: verbrugh-at-cableone.net
To: attorney-at-cybermesa.com
To: carver-at-cam.cornell.edu
To: bruce.limber-at-juno.com
To: trackrunner1500-at-hotmail.com
To: brettz9-at-yahoo.com
To: sb.gerstner-at-ntlworld.com
To: johnludgate-at-doe.asTo: cristinacoelho-at-epar.jazznet.pt
To: doug888-at-bellsouth.net
To: jim-at-clark.cys
To: skoconsult-at-aol.com
To: ksmith1-at-tpg.com.au
To: marbisins-at-tampabay.rr.com
To: cysusenet-at-worldnet.att.net
To: dkanter-at-frontiernet.net
To: bradnh-at-volcanomail.com
To: clarkt-at-region.halton.on.ca
To: res1g5v5-at-verizon.net
To: otnmbrd-at-earthlink.net
To: piperopiper-at-yahoo.com
To: aeronaut-at-flight.net
To: rec.boats.noah-at-earthlink.net
To: sailbad_d_sinner-at-hotmail.com
To: capt_jack-at-mindspring.com

...carry on.
noah

To email me, please remove the "FISH" from the net.

Stig Arne Bye

October 4th 03 12:45 AM

Virus Update- Is your name on the list?

Stig Arne Bye wrote:

noah wrote:

snip

After the infected attachment has been removed by Norton AntiVirus (TM),
the remainder (the mail header) is moved to a spesial file. By using
these headers, I can then make a graphic chart (by using a small program
I have made myself) showing how many infected e-mail that has been
received each day, as you can from the following:

E-mail infected by W32.Swen.A@mm (Worm.Automat.AHB)
================================================== =

Total count: 2337

YYYY.MM.DD 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000
---------- ----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
2003.09.19 #########| | | | | | | | | |
2003.09.20 ############################################### | | | | | |
2003.09.21 #######################################| | | | | | |
2003.09.22 ################################## | | | | | | |
2003.09.23 ############################################## | | | | | |
2003.09.24 ######################### | | | | | | | |
2003.09.25 ################# | | | | | | | | |
2003.09.26 ###### | | | | | | | | | |
2003.09.27 #########| | | | | | | | | |
2003.09.28 * ####### | | | | | | | | | |
----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000

* Not accomplished (count updated as per 28.09.2003 at 13:58).

After this, I encountered an increase in infected e-mail received, where
the number of infected e-mail received each day were stable around 150
per day for several days. However, now it finally seem to be a
noticeable decrease as you can see from the last graph generated below
(in fact, I haven't received ANY e-mail infected with the Swen.A worm
for the last about 6 hours).

E-mail infected by W32.Swen.A@mm (Worm.Automat.AHB)
================================================== =

Total count: 3072

YYYY.MM.DD 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000
---------- ----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
2003.09.19 #########| | | | | | | | | |
2003.09.20 ############################################### | | | | | |
2003.09.21 #######################################| | | | | | |
2003.09.22 ################################## | | | | | | |
2003.09.23 ############################################## | | | | | |
2003.09.24 ######################### | | | | | | | |
2003.09.25 ################# | | | | | | | | |
2003.09.26 ###### | | | | | | | | | |
2003.09.27 #########| | | | | | | | | |
2003.09.28 ########## | | | | | | | | |
2003.09.29 ################# | | | | | | | | |
2003.09.30 ################ | | | | | | | | |
2003.10.01 ################ | | | | | | | | |
2003.10.02 ############## | | | | | | | | |
2003.10.03 #########| | | | | | | | | |
2003.10.04 * | | | | | | | | | |
----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850 900 950 1000

* Not accomplished (count updated as per 04.10.2003 at 01:26).

BTW, I noticed that the previous mass mailing worm (Sobig.F) was first
discovered on 18th of August, and this last mass mailing worm (Swen.A)
was first discovered on 18th of September.
If the identical dates is an actual pattern, then just wait until
18th of October.....

Stig Arne Bye

E-mail ......:
Contact .....: AOL IM: VT480TFE / MSN: / ICQ: 403349
Snail-Mail ..: P.O.Box 169, NO-9915 Kirkenes, Norway
Homepage ....: http://home.online.no/~stigbye/index.html
------------------------------------------------------------------------
Located just about 70°N 30°E - Almost at the top of the world!

All times are GMT +1. The time now is 06:21 PM.

Powered by vBulletin® Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2014 BoatBanter.com