From: mlande at bellsouth.net (Mary Landesman)
Subject: Swen Really Sucks

Swen does not only compose email pretending to be a patch from Microsoft. It
also composes email pretending to be a bounced message. There are various
renditions of the false 'return to sender'. A couple of examples follow:

-----------------------------------------
Hi.
I'm afraid I wasn't able to deliver your message to one or more
destinations.
Undeliverable mail to ykhytbgqcg@...foot.net
------------------------------------------
I'm sorry to have to inform you that the message returned below could not be
delivered to one or more destinations.
Undeliverable message to sxlpvjk@...rica.net
------------------------------------------
Undelivered mail to pdijepslaw@...mail.net
Message follows:
-----------------------------------------

F-Secure has a complete list at:
http://www.f-secure.com/v-descs/swen.shtml

Regards,
Mary Landesman
Antivirus About.com Guide
http://antivirus.about.com


----- Original Message ----- 
From: "Kye Lewis" <kye@...islan.id.au>
To: <full-disclosure@...ts.netsys.com>
Cc: "Craig Pratt" <craig@...ong-box.net>
Sent: Friday, September 26, 2003 10:03 AM
Subject: Re: [Full-Disclosure] Swen Really Sucks


[..]

> So, has anyone actually sent mail to an envelope sender to see if
> they're actually infected? Or is it possible this thing just likes to
> fake the same sender for all outgoing messages?

Seeing that I have a collection of around 2000 unique and believable
return-paths from this virus, it seems quite likely that they're legitimate.

