From: "Randy Brukardt"
Newsgroups: comp.lang.ada
Subject: Re: Current "Swen" worm attack
Date: Mon, 22 Sep 2003 16:42:02 -0500
Organization: Posted via Supernews, http://www.supernews.com

Preben Randhol wrote:
> Note that the worm grabs e-mail addresses from USENET groups such as this
> group. I got 3 copies of each virus as it had managed to find three
> addresses from the news groups. However I managed to put a stop to it by
> grepping (at the ISP) for patterns in the base64 encoding of the exe files
> and sending the mails containing them into /dev/null.
>
> First day I got about 200-300 Mb of this virus.

Glad to hear that others are getting it worse. I've "only" gotten about 100 MB of it so far (about 1200 copies).

The problem actually has been helped by the fact that my antivirus (even though completely up to date) doesn't catch all of them. That has let me use my spam filter to automatically delete them rather than fill up the mail server's disk with quarantines.

But a couple more attacks and we're all going back to paper and pencil...

Randy.
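
An added example, not part of either post: a sketch of the base64 pattern filtering mentioned in the quoted text, showing why a byte signature needs three base64 patterns (one per byte offset mod 3) and why wrapped lines must be joined before matching. The signature `SIG`, the function names and the sample messages are constructed for illustration and are not taken from the worm or from either poster's filter.

```python
import base64
import email
from email.message import EmailMessage

SIG = b"CONSTRUCTED-SIG-0001"  # constructed stand-in, not a real worm signature


def b64_variants(sig: bytes) -> list[str]:
    """Base64 substrings that must appear when sig starts at file offset 0, 1 or 2 (mod 3)."""
    variants = []
    for shift in range(3):
        enc = base64.b64encode(b"\x00" * shift + sig).decode("ascii")
        start = -(-8 * shift // 6)         # skip chars that mix in bits from preceding bytes
        end = 8 * (shift + len(sig)) // 6  # stop before chars that mix in following bytes
        variants.append(enc[start:end])
    return variants


def matching_parts(raw: bytes, sig: bytes) -> list[str]:
    """Filenames of base64-encoded MIME parts whose encoded body contains sig."""
    patterns = b64_variants(sig)
    hits = []
    for part in email.message_from_bytes(raw).walk():
        if part.get("Content-Transfer-Encoding", "").strip().lower() != "base64":
            continue
        # Encoded bodies are wrapped at 76 chars (57 bytes), so join lines before searching.
        body = "".join(part.get_payload().split())
        if any(p in body for p in patterns):
            hits.append(part.get_filename() or "(unnamed)")
    return hits


def sample_message(payload: bytes, name: str = "sample.bin") -> bytes:
    """Build a constructed test message carrying payload as a base64 attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=name)
    return bytes(msg)


if __name__ == "__main__":
    for pad in range(3):  # same signature at three byte alignments
        raw = sample_message(b"\x90" * (60 + pad) + SIG + b"\x00" * 40)
        print(pad, matching_parts(raw, SIG))
```
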