From: aek@vib.usr.pu.ru (Alexander Kopilovitch)
Newsgroups: comp.lang.ada
Subject: Current "Swen" worm attack
Date: 21 Sep 2003 20:05:37 -0700

sk wrote (I got that by gateway digest, but strangely enough, couldn't find
it in comp.lang.ada via Google and another news-server, so I reply in a
separate message):

>The last 4 days have given me 13 attempted "swen" attacks ...

You are very lucky - just 13! I got several hundred of them in the last 3
days, and they still continue to arrive. I never before experienced an attack
of comparable volume, and I still can't guess why I became such a prominent
target now (all my friends, both here and in the USA, did not see anything
unusual in their traffic these days).

>Most seem to have, somewhere in the headers, some relation
>to the cla mailing list ("ada-bouncer" in the "Received: "
>fields or "List-Id: comp.lang.ada" in the header).

I did not look (quite naturally -;) into all those viruses I received these
days, but the several that I explored had relevance neither to c.l.a. nor to
the people visible in c.l.a.

Generally, the population of senders of those viruses seems (by their real
addresses) quite respectable - they have well-known mail providers (no
hotmail, yahoo or other free public mail servers), they often have names
looking like a normal person's name... One virus even came from the domain
cira.premier-ministre.gouv.fr -;)

Among those (several hundred) viruses only one seems somehow interesting
(all others that I explored look like quite common messages, although with
forged "From:" fields). Here are its headers:

---------------------------------------------------------------------------
>From hqlgu!microsoft.com!rmailroutine Sun Sep 21 05:26:10 2003
Received: by vib.usr.pu.ru (UUPC/@ v7.00, 07Jan97) with UUCP
          id AA01553; Sun, 21 Sep 2003 05:26:10 +0400 (MSD)
Received: from becha.pu.ru (tx0.becha.pu.ru [194.58.104.214])
          by wg.pu.ru (8.9.1a/8.9.1) with ESMTP id TAA09858
          for ; Sat, 20 Sep 2003 19:56:38 GMT
Received: from asteroids.cybercomm.nl (arkanoid.scarlet-internet.nl [213.204.195.164])
          by becha.pu.ru (8.12.8p1/8.12.8) with SMTP id h8KKITbI047393
          for ; Sun, 21 Sep 2003 00:18:29 +0400 (MSD)
          (envelope-from rmailroutine@microsoft.com)
Date: Sun, 21 Sep 2003 00:18:29 +0400 (MSD)
Message-Id: <200309202018.h8KKITbI047393@becha.pu.ru>
Received: (qmail-ldap/ctrl 12094 invoked from network); 20 Sep 2003 19:56:22 -0000
Received: from unknown (HELO ?192.168.0.2?) ([213.196.18.100])
          (envelope-sender )
          by cybercomm.vsp.scarlet-internet.nl (qmail-ldap-1.03) with SMTP
          for ; 20 Sep 2003 19:56:22 -0000
Received: from FQCZQLUG by [192.168.0.2]
          with SMTP (QuickMail Pro Server for Mac 2.1); 20-Sep-2003 21:39:21 +0200
FROM: ""
TO: "Email Receiver"
SUBJECT: Undeliverable Mail: User unknown
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="zdowicnvoammd"
Lines: 1891
Status: R
---------------------------------------------------------------------------

As you can see from the headers, the mail was initially sent to the address
tojo@hotmail.com (I don't know what it really is), but then something strange
happened - "qmail-ldap/ctrl", and the message was forwarded to me.

Alexander Kopilovitch                      aek@vib.usr.pu.ru
Saint-Petersburg
Russia
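
An added example, not part of the original post: the six Received values from the quoted header dump, walked oldest hop first to show the time between relays and any private addresses a hop recorded. The function names (stamp, private_ips, hop_report) are hypothetical, and reading a "-0000" offset as UTC is an assumption.

```python
import calendar
import ipaddress
import re
from email.utils import parsedate_tz

# Received values from the quoted dump, newest hop first. Recipient addresses
# the archive stripped ("for ;") stay elided, exactly as on the page.
RECEIVED = [
    "by vib.usr.pu.ru (UUPC/@ v7.00, 07Jan97) with UUCP id AA01553; Sun, 21 Sep 2003 05:26:10 +0400 (MSD)",
    "from becha.pu.ru (tx0.becha.pu.ru [194.58.104.214]) by wg.pu.ru (8.9.1a/8.9.1) with ESMTP id TAA09858 for ; Sat, 20 Sep 2003 19:56:38 GMT",
    "from asteroids.cybercomm.nl (arkanoid.scarlet-internet.nl [213.204.195.164]) by becha.pu.ru (8.12.8p1/8.12.8) with SMTP id h8KKITbI047393 for ; Sun, 21 Sep 2003 00:18:29 +0400 (MSD)",
    "(qmail-ldap/ctrl 12094 invoked from network); 20 Sep 2003 19:56:22 -0000",
    "from unknown (HELO ?192.168.0.2?) ([213.196.18.100]) (envelope-sender ) by cybercomm.vsp.scarlet-internet.nl (qmail-ldap-1.03) with SMTP for ; 20 Sep 2003 19:56:22 -0000",
    "from FQCZQLUG by [192.168.0.2] with SMTP (QuickMail Pro Server for Mac 2.1); 20-Sep-2003 21:39:21 +0200",
]

def stamp(value):
    """UTC epoch seconds of the date after the last ';', or None if unparseable."""
    parsed = parsedate_tz(value.rsplit(";", 1)[-1])
    if parsed is None:
        return None
    # "-0000" means "offset unknown" and parses to None; treat it as UTC.
    return calendar.timegm(parsed[:9]) - (parsed[9] or 0)

def private_ips(value):
    """Private or loopback IPv4 literals in one hop (e.g. a HELO behind NAT)."""
    hits = []
    for text in re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", value):
        try:
            if ipaddress.ip_address(text).is_private:
                hits.append(text)
        except ValueError:  # dotted number that is not a valid address
            pass
    return hits

def hop_report(received):
    """Oldest hop first: (seconds since previous hop, private IPs, header)."""
    hops, previous = [], None
    for value in reversed(received):
        now = stamp(value)
        delay = None if None in (now, previous) else now - previous
        hops.append((delay, private_ips(value), value))
        previous = now if now is not None else previous
    return hops

if __name__ == "__main__":
    for delay, private, value in hop_report(RECEIVED):
        note = "  <-- earlier than the hop before it" if (delay or 0) < 0 else ""
        print(f"{str(delay):>6}s  {private}  {value[:50]}{note}")
```

A negative delay means the two relays' clocks disagree, so the timestamps alone cannot order those hops; the private address appears only in the two oldest hops, next to the public address 213.196.18.100 that the qmail-ldap relay recorded for the connection.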