lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: mlande at (Mary Landesman)
Subject: Swen Really Sucks

Swen does not only compose email pretending to be a patch from Microsoft. It
also composes email pretending to be a bounced message. There are various
renditions of the false 'return to sender'. A couple of examples follow:

I'm afraid I wasn't able to deliver your message to one or more
Undeliverable mail to
I'm sorry to have to inform you that the message returned below could not be
delivered to one or more destinations.
Undeliverable message to
Undelivered mail to
Message follows:

F-Secure has a complete list at:

Mary Landesman
Antivirus Guide

----- Original Message ----- 
From: "Kye Lewis" <>
To: <>
Cc: "Craig Pratt" <>
Sent: Friday, September 26, 2003 10:03 AM
Subject: Re: [Full-Disclosure] Swen Really Sucks


> So, has anyone actually sent mail to an envelope sender to see if
> they're actually infected? Or is it possible this thing just likes to
> fake the same sender for all outgoing messages?

Seeing that I have a collection of around 2000 unique and believable
return-paths from this virus, it seems quite likely that they're legitimate.

Powered by blists - more mailing lists