From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,c7ee0d960296483 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-09-22 04:49:49 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!nntp.cs.ubc.ca!skynet.be!skynet.be!news.tele.dk!news.tele.dk!small.news.tele.dk!uninett.no!ntnu.no!not-for-mail From: Preben Randhol Newsgroups: comp.lang.ada Subject: Re: Current "Swen" worm attack Date: Mon, 22 Sep 2003 11:49:48 +0000 (UTC) Organization: PVV Message-ID: References: NNTP-Posting-Host: kiuk0152.chembio.ntnu.no X-Trace: tyfon.itea.ntnu.no 1064231388 13977 129.241.83.78 (22 Sep 2003 11:49:48 GMT) X-Complaints-To: usenet@itea.ntnu.no NNTP-Posting-Date: Mon, 22 Sep 2003 11:49:48 +0000 (UTC) User-Agent: slrn/0.9.8.0 (Linux) Xref: archiver1.google.com comp.lang.ada:42738 Date: 2003-09-22T11:49:48+00:00 List-Id: On 2003-09-22, Stephane Richard wrote: > To me a mind (hacker's mind that is) that seems to be limited to the fact > that they "think" they gain power by attempting to destroy other's systems > and server is nothing more than a "VERY primitive mind indeed". Dont know > what they are trying to prove, and to whom, but they only prove their > stupidity and ignorance to me, nothing else. Note that the worm grabs e.mail address from USENET groups such as thi groups. I got 3 copies of each virus as it had managed to find three addresses from the news groups. However I managed to put a stop to it by grepping (at the ISP) for a patterns in the base64 encoding of the exe files and sending the mails containing them into /dev/null. First day I got about 200-300 Mb of this virus. Preben