| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <014d01c3843f$dc942bd0$a4511a42@MLANDE> From: mlande at bellsouth.net (Mary Landesman) Subject: Swen Really Sucks Swen does not only compose email pretending to be a patch from Microsoft. It also composes email pretending to be a bounced message. There are various renditions of the false 'return to sender'. A couple of examples follow: ----------------------------------------- Hi. I'm afraid I wasn't able to deliver your message to one or more destinations. Undeliverable mail to ykhytbgqcg@...foot.net ------------------------------------------ I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations. Undeliverable message to sxlpvjk@...rica.net ------------------------------------------ Undelivered mail to pdijepslaw@...mail.net Message follows: ----------------------------------------- F-Secure has a complete list at: http://www.f-secure.com/v-descs/swen.shtml Regards, Mary Landesman Antivirus About.com Guide http://antivirus.about.com ----- Original Message ----- From: "Kye Lewis" <kye@...islan.id.au> To: <full-disclosure@...ts.netsys.com> Cc: "Craig Pratt" <craig@...ong-box.net> Sent: Friday, September 26, 2003 10:03 AM Subject: Re: [Full-Disclosure] Swen Really Sucks [..] > So, has anyone actually sent mail to an envelope sender to see if > they're actually infected? Or is it possible this thing just likes to > fake the same sender for all outgoing messages? Seeing that I have a collection of around 2000 unique and believable return-paths from this virus, it seems quite likely that they're legitimate.
Powered by blists - more mailing lists