From: aek@vib.usr.pu.ru (Alexander Kopilovitch)
Subject: Re: Current "Swen" worm attack
Date: 22 Sep 2003 17:39:05 -0700
Date: 2003-09-23T00:39:06+00:00 [thread overview]
Message-ID: <e2e5731a.0309221639.48c4a1ed@posting.google.com> (raw)
In-Reply-To: slrnbmtoes.77c.randhol+abuse@kiuk0152.chembio.ntnu.no
Preben Randhol wrote:
> Note that the worm grabs e.mail address from USENET groups such as thi
> groups.
Yes, today I received one unusual result of this virus's action - virus at last
reached central Russia (specifically, Nizhnij Novgorod) and here, on non-friendly
territory, it somehow loses control -:) . So, inside that message I receieved
full list of addresses, to which the virus attempted to send messages that time.
First half of this list was very familiar to me - all addresses there were
well-known correspondents to comp.lang.ada (including you and me). The second
half of the list was of quite another nature... I don't know anyone of those
addresses, except the name in the last address - it was full name of famous in
the past German football player (and now senior football official) -:) .
> I got 3 copies of each virus as it had managed to find three
> addresses from the news groups.
I'm getting only 2 copies of each virus.
> However I managed to put a stop to it by
> grepping (at the ISP) for a patterns in the base64 encoding of the exe files
> and sending the mails containing them into /dev/null.
Well, you are lucky in that you are permitted to do things at your ISP -;)
Interesting, how much time will pass until the persons responsible for general
Internet security will indentify and shot the websites that spread infection?
> First day I got about 200-300 Mb of this virus.
I think I got about 80-90 Mb for now (that is, for 4 days).
Alexander Kopilovitch aek@vib.usr.pu.ru
Saint-Petersburg
Russia
next prev parent reply other threads:[~2003-09-23 0:39 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-22 3:05 Current "Swen" worm attack Alexander Kopilovitch
2003-09-22 10:27 ` Stephane Richard
2003-09-22 11:45 ` chris
2003-09-23 3:49 ` Wes Groleau
2003-09-22 11:49 ` Preben Randhol
2003-09-22 21:42 ` Randy Brukardt
2003-09-23 7:10 ` Preben Randhol
2003-09-23 7:35 ` Vinzent Hoefler
2003-09-23 0:39 ` Alexander Kopilovitch [this message]
2003-09-23 4:11 ` David Marceau
2003-09-23 11:08 ` Jeff C,
2003-09-23 15:41 ` Ludovic Brenta
2003-09-24 1:14 ` Jeff C,
2003-09-24 8:20 ` Martin Krischik
2003-09-25 10:10 ` Ludovic Brenta
2003-09-25 11:01 ` Martin Krischik
2003-09-25 11:32 ` Preben Randhol
2003-09-25 12:07 ` Ludovic Brenta
2003-09-25 13:47 ` Stephen Leake
2003-09-23 18:47 ` Randy Brukardt
2003-09-23 20:56 ` Berend de Boer
[not found] ` <3F6FA78D.3070708@myob.com>
2003-10-03 13:41 ` sk
2003-10-03 14:17 ` Preben Randhol
2003-09-23 3:44 ` Current "Swen" worm attack - a tip Wes Groleau
2003-09-23 7:33 ` Preben Randhol
2003-09-23 17:44 ` Jeffrey Carter
2003-09-23 18:00 ` Brian Catlin
2003-09-23 19:14 ` tmoran
2003-09-23 20:55 ` Berend de Boer
2003-09-24 10:08 ` Dmitry A. Kazakov
2003-09-24 21:50 ` Wes Groleau
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox