[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <014d01c3843f$dc942bd0$a4511a42@MLANDE>
From: mlande at bellsouth.net (Mary Landesman)
Subject: Swen Really Sucks
Swen does not only compose email pretending to be a patch from Microsoft. It
also composes email pretending to be a bounced message. There are various
renditions of the false 'return to sender'. A couple of examples follow:
-----------------------------------------
Hi.
I'm afraid I wasn't able to deliver your message to one or more
destinations.
Undeliverable mail to ykhytbgqcg@...foot.net
------------------------------------------
I'm sorry to have to inform you that the message returned below could not be
delivered to one or more destinations.
Undeliverable message to sxlpvjk@...rica.net
------------------------------------------
Undelivered mail to pdijepslaw@...mail.net
Message follows:
-----------------------------------------
F-Secure has a complete list at:
http://www.f-secure.com/v-descs/swen.shtml
Regards,
Mary Landesman
Antivirus About.com Guide
http://antivirus.about.com
----- Original Message -----
From: "Kye Lewis" <kye@...islan.id.au>
To: <full-disclosure@...ts.netsys.com>
Cc: "Craig Pratt" <craig@...ong-box.net>
Sent: Friday, September 26, 2003 10:03 AM
Subject: Re: [Full-Disclosure] Swen Really Sucks
[..]
> So, has anyone actually sent mail to an envelope sender to see if
> they're actually infected? Or is it possible this thing just likes to
> fake the same sender for all outgoing messages?
Seeing that I have a collection of around 2000 unique and believable
return-paths from this virus, it seems quite likely that they're legitimate.
Powered by blists - more mailing lists