Re: Current "Swen" worm attack

[aek@vib.usr.pu.ru (Alexander Kopilovitch)]

Preben Randhol wrote:

> Note that the worm grabs e.mail address from USENET groups such as thi
> groups.

Yes, today I received one unusual result of this virus's action - virus at last
reached central Russia (specifically, Nizhnij Novgorod) and here, on non-friendly
territory, it somehow loses control -:) . So, inside that message I receieved
full list of addresses, to which the virus attempted to send messages that time.
First half of this list was very familiar to me - all addresses there were
well-known correspondents to comp.lang.ada (including you and me). The second
half of the list was of quite another nature... I don't know anyone of those
addresses, except the name in the last address - it was full name of famous in
the past German football player (and now senior football official) -:) .

> I got 3 copies of each virus as it had managed to find three
> addresses from the news groups.

I'm getting only 2 copies of each virus.

> However I managed to put a stop to it by
> grepping (at the ISP) for a patterns in the base64 encoding of the exe files
> and sending the mails containing them into /dev/null.

Well, you are lucky in that you are permitted to do things at your ISP -;)
Interesting, how much time will pass until the persons responsible for general
Internet security will indentify and shot the websites that spread infection?
 
> First day I got about 200-300 Mb of this virus.

I think I got about 80-90 Mb for now (that is, for 4 days).


 
Alexander Kopilovitch                      aek@vib.usr.pu.ru
Saint-Petersburg
Russia