I have a new SWEN

[Jan Il]

Hi all - AVG 6.0 - Windows ME

Just curious, but, I just got a new version of SWEN on my OE, at least it is
the first for me. Has anyone else seen this one?

From: (e-mail address removed)

Subject: Network Critical Update

It does have the SWEN attachment, and appears to be trying to disguise the
From part. Perhaps in order to throw people off, or maybe confuse the Rules
or filter settings. This certainly does not fit the usual official look in
the From portion. Dang! Just about the time you think you have all basics
covered in setting the Rules, you're suddenly faced with a new tick on the
dog.

Regards,
Jan

 

[Bart Bailey]

In Message-ID:<4IUkb.71464$vj2.23314@fed1read06> posted on Mon, 20 Oct

Hi all - AVG 6.0 - Windows ME

Just curious, but, I just got a new version of SWEN on my OE, at least it is
the first for me. Has anyone else seen this one?

From: (e-mail address removed)

Subject: Network Critical Update

It does have the SWEN attachment, and appears to be trying to disguise the
From part. Perhaps in order to throw people off, or maybe confuse the Rules
or filter settings. This certainly does not fit the usual official look in
the From portion. Dang! Just about the time you think you have all basics
covered in setting the Rules, you're suddenly faced with a new tick on the
dog.

Regards,
Jan

You must have gotten it under your OE filter rules system,
because my MW filter would have caught and marked it for deletion.

 

[Jan Il]

Hi Bart!

In Message-ID:<4IUkb.71464$vj2.23314@fed1read06> posted on Mon, 20 Oct


You must have gotten it under your OE filter rules system,
because my MW filter would have caught and marked it for deletion.

Yeppa..that's the one. I have not seen it yet on the PC with the MW and the
filters you sent me. But, I'm still doing tests and research, so I keep one
PC set with OE settings only, and the other with the MW settings only. I am
finding the research on the OE more and more interesting as to what Rules
and Actions are listed, and what the actual results are when applying them.


Jan

 

[Jason Wade]

Hi all - AVG 6.0 - Windows ME

Just curious, but, I just got a new version of SWEN on my OE, at least it is
the first for me. Has anyone else seen this one?

Maybe, how big is the swen executable?

 

[Jan Il]

Hi Jason,

Maybe, how big is the swen executable?

The .exe is: Patch873.exe (106.KB)

Here's the details. It is the first one like this I have seen from the
newsletter:msdn:

Return-Path: <[email protected]>
Received: from mail44.fg.online.no ([148.122.161.44]) by lakemtai03.cox.net
(InterMail vM.5.01.06.05 201-253-122-130-105-20030824) with ESMTP
id
<[email protected]>
for <[email protected]>; Mon, 20 Oct 2003 09:13:27 -0400
Received: from kmhb (ti300719a010-0068.dialup.online.no [130.67.253.68])
by mail44.fg.online.no (8.9.3p2/8.9.3) with SMTP id PAA27893;
Mon, 20 Oct 2003 15:08:16 +0200 (MEST)
Date: Mon, 20 Oct 2003 15:08:16 +0200 (MEST)
Message-Id: <[email protected]>
FROM: "" <[email protected]>
TO: "Client" <[email protected]>
SUBJECT: Network Critical Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="wykxdepwkq"

--wykxdepwkq
Content-Type: multipart/related; boundary="gbhqrmguasqta";
type="multipart/alternative"

--gbhqrmguasqta
Content-Type: multipart/alternative; boundary="ivrdujdeu"

--ivrdujdeu
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

MS Client

this is the latest version of security update, the
"October 2003, Cumulative Patch" update which resolves
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to help protect your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run executable on your computer.
This update includes the functionality =
of all previously released patches.

System requirements: Windows 95/98/Me/2000/NT/XP
This update applies to:
- MS Internet Explorer, version 4.01 and later
- MS Outlook, version 8.00 and later
- MS Outlook Express, version 4.01 and later

Recommendation: Customers should install the patch =
at the earliest opportunity.
How to install: Run attached file. Choose Yes on displayed dialog box.
How to use: You don't need to do anything after installing this item.


Microsoft Product Support Services and Knowledge Base articles =
can be found on the Microsoft Technical Support web site.
http://support.microsoft.com/

For security-related information about Microsoft products, please =
visit the Microsoft Security Advisor web site
http://www.microsoft.com/security/

Thank you for using Microsoft products.

Please do not reply to this message.
It was sent from an unmonitored e-mail address and we are unable =
to respond to any replies.

----------------------------------------------
The names of the actual companies and products mentioned =
herein are the trademarks of their respective owners.
Copyright 2003 Microsoft Corporation.

--ivrdujdeu
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD>
<style type=3D'text/css'>.navtext{color:#ffffff;text-decoration:none}
</style>
</HEAD>

<BODY BGCOLOR=3D"White" TEXT=3D"Black">
<BASEFONT SIZE=3D"2" face=3D"verdana,arial">
<TABLE WIDTH=3D"600" HEIGHT=3D"40" BGCOLOR=3D"#1478EB">
<TR height=3D"20">
<TD ALIGN=3D"left" VALIGN=3D"TOP" WIDTH=3D"400" ROWSPAN=3D"2">&nbsp;
<FONT FACE=3D"sans-serif" SIZE=3D"5"><I><B>
<A class=3D'navtext' HREF=3D"http://www.microsoft.com/"
TITLE=3D"Microsoft Home Site" target=3D"_top">Microsoft</A>
</B></I></FONT>
</TD>

<TD ALIGN=3D"right" VALIGN=3D"MIDDLE" BGCOLOR=3D"Black" NOWRAP>
<FONT color=3D"#ffffff" size=3D1>&nbsp;
<A class=3D'navtext' href=3D'http://www.microsoft.com/catalog/' =
target=3D"_top">All Products</A>&nbsp;|&nbsp;
<A class=3D'navtext' href=3D'http://support.microsoft.com/' =
target=3D"_top">Support</A>&nbsp;|&nbsp;
<A class=3D'navtext' href=3D'http://search.microsoft.com/' =
target=3D"_top">Search</A>&nbsp;|&nbsp;
<A class=3D'navtext' href=3D'http://www.microsoft.com/' target=3D_top>
Microsoft.com Guide</A>&nbsp;
</FONT>
</TD>
</TR>

<TR>
<TD ALIGN=3D"right" VALIGN=3D"BOTTOM" NOWRAP>
<FONT FACE=3D"Verdana, Arial" SIZE=3D1><B>
<A class=3D'navtext' HREF=3D'http://www.microsoft.com/' TARGET=3D" top">
Microsoft Home</A>&nbsp;&nbsp;</B>
</FONT>
</TD>
</TR>
</TABLE>

&nbsp;<IMG SRC=3D"cid:nrxmxop" BORDER=3D"0"><BR><BR>
<TABLE WIDTH=3D"600"><TR><TD><FONT SIZE=3D"2">
MS Client<BR><BR>
this is the latest version of security update, the
"October 2003, Cumulative Patch" update which resolves
all known security vulnerabilities affecting
MS Internet Explorer, MS Outlook and MS Outlook Express
as well as three newly discovered vulnerabilities.
Install now to help protect your computer
from these vulnerabilities, the most serious of which could
allow an attacker to run executable on your computer.
This update includes the functionality =
of all previously released patches.
</FONT></TD></TR>
</TABLE>

<BR><BR>
<TABLE BORDER=3D"1" CELLSPACING=3D"1" CELLPADDING=3D"3" WIDTH=3D"600">
<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:teatwkl" =
ALIGN=3D"absmiddle" BORDER=3D"0">&nbsp;System requirements</B>
</FONT></TD>
<TD NOWRAP><FONT SIZE=3D"1">Windows 95/98/Me/2000/NT/XP</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:teatwkl" =
ALIGN=3D"absmiddle" BORDER=3D"0">&nbsp;This update applies to</B>
</FONT></TD><TD NOWRAP>
<FONT SIZE=3D"1">
MS Internet Explorer, version 4.01 and later<BR>
MS Outlook, version 8.00 and later<BR>
MS Outlook Express, version 4.01 and later
</FONT>
</TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:teatwkl" =
ALIGN=3D"absmiddle" BORDER=3D"0">&nbsp;Recommendation</B></FONT></TD>
<TD NOWRAP><FONT SIZE=3D"1">Customers should install the patch =
at the earliest opportunity.</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:teatwkl" =
ALIGN=3D"absmiddle" BORDER=3D"0">&nbsp;How to install</B></FONT></TD>
<TD NOWRAP><FONT SIZE=3D"1">Run attached file. =
Choose Yes on displayed dialog box.</FONT></TD>
</TR>

<TR VALIGN=3D"TOP">
<TD NOWRAP><FONT SIZE=3D"1"><B><IMG SRC=3D"cid:teatwkl" =
ALIGN=3D"absmiddle" BORDER=3D"0">&nbsp;How to use</B></FONT></TD>
<TD NOWRAP><FONT SIZE=3D"1">You don't need to do =
anything after installing this item.</FONT></TD>
</TR>
</TABLE>
<BR>

<TABLE WIDTH=3D"600"><TR><TD><FONT SIZE=3D"2">
Microsoft Product Support Services and Knowledge Base articles
can be found on the <A HREF=3D"http://support.microsoft.com/" =
TARGET=3D"_top">Microsoft Technical Support</A> web site. =
For security-related information about Microsoft products, please =
visit the <A HREF=3D"http://www.microsoft.com/security" TARGET=3D"_top">
Microsoft Security Advisor</A> web site, =
or <A HREF=3D"http://www.microsoft.com/contactus/contactus.asp" =
TARGET=3D"_top">Contact Us.</A>
<BR><BR>
Thank you for using Microsoft products.<BR><BR></FONT>
<FONT SIZE=3D"1">Please do not reply to this message. =
It was sent from an unmonitored e-mail address and we are unable =
to respond to any replies.<BR></FONT>

<HR COLOR=3D"Silver" SIZE=3D"1" WIDTH=3D"100%">
<FONT SIZE=3D"1" COLOR=3D"Gray">The names of the actual companies and =
products mentioned herein are the trademarks =
of their respective owners.</FONT>
</TD></TR></TABLE>

<BR>
<TABLE WIDTH=3D"600" HEIGHT=3D"45" BGCOLOR=3D"#1478EB">
<TR VALIGN=3D"TOP">
<TD WIDTH=3D"5"></TD>
<TD>
<FONT COLOR=3D"#FFFFFF" SIZE=3D"1"><B>
<A class=3D'navtext' HREF=3D"http://www.microsoft.com/=
contactus/contactus.asp" TARGET=3D"_top">Contact Us</A>
&nbsp;|&nbsp;
<A class=3D'navtext' HREF=3D"http://www.microsoft.com/legal/" =
TARGET=3D"_top">Legal</A>
&nbsp;|&nbsp;
<A class=3D'navtext' HREF=3D"https://www.truste.org/validate/605" =
TARGET=3D"_top" TITLE=3D"TRUSTe - Click to Verify">TRUSTe</A>
</FONT></B>
</TD>
</TR>

<TR VALIGN=3D"MIDDLE">
<TD WIDTH=3D"5"></TD>
<TD>
<FONT COLOR=3D"#FFFFFF" SIZE=3D"1">
&copy;2003 Microsoft Corporation. All rights reserved.
<A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/=
info/cpyright.htm" TARGET=3D"_top">Terms of Use</A>
&nbsp;|&nbsp;
<A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/=
info/privacy.htm" TARGET=3D"_top">
Privacy Statement</A>&nbsp;|&nbsp;
<A STYLE=3D"color:#FFFFFF;" HREF=3D"http://www.microsoft.com/=
enable/" TARGET=3D"_top">Accessibility</A>
</FONT>
</TD>
</TR>

</TABLE>
</BODY>
</HTML>

--ivrdujdeu--

--gbhqrmguasqta
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-ID: <nrxmxop>

Jan

 

[Jason Wade]

The .exe is: Patch873.exe (106.KB)

It looks like the original Swen.A.

But Swens B and C are out now. Swen.B is 52224 bytes
and uses UPX compression.

 

[scoopdamedia]

Hi Bart!

In Message-ID:<4IUkb.71464$vj2.23314@fed1read06> posted on Mon, 20 Oct

it

is

look

in

You must have gotten it under your OE filter rules system,
because my MW filter would have caught and marked it for deletion.

Yeppa..that's the one. I have not seen it yet on the PC with the MW and the
filters you sent me. But, I'm still doing tests and research, so I keep one
PC set with OE settings only, and the other with the MW settings only. I am
finding the research on the OE more and more interesting as to what Rules
and Actions are listed, and what the actual results are when applying them.


Jan
Yes, The hands behind this swen thing are now reconfiguring swen bug to get
past filters, thus requiring more new filters.

 

[Bart Bailey]

In Message-ID:<[email protected]> posted on Tue, 21

Yes, The hands behind this swen thing are now reconfiguring swen bug to get
past filters, thus requiring more new filters.

The filters I sent to Ms. J were of a generic nature,
and any swen variant would be caught by them.
If only she would tear herself away from OE,
quit trying to beat some performance from that long dead horse,
and just stay with MW til this swen thing passes.

 

[Jan Il]

Jason,

It looks like the original Swen.A.

But Swens B and C are out now. Swen.B is 52224 bytes
and uses UPX compression.

Oh...sort of a random thingie, huh? First ya got your A-Swen, then ya got

Hmm??...so.....what kind of mustache do you get with that...??

 

[Jan Il]

In Message-ID:<[email protected]> posted on Tue, 21


The filters I sent to Ms. J were of a generic nature,
and any swen variant would be caught by them.
If only she would tear herself away from OE,
quit trying to beat some performance from that long dead horse,
and just stay with MW til this swen thing passes.

Barrrt! Now how can you say that? Didn't they teach you Biology in junior
high? There is something to be gained from a dead horse...or
frog.....although, I do find the scorpion much more interesting.....ya just
gotta watch out for the tail. I'm being good and protecting my homestead
backyard with a proper fence and Venus Flytrap (MW). So...can't I be curious
about the white rabbit and the other side of the looking glass from another
venue? Where's your sense of adventure? ;-)))

Jan

 

[Jan Il]

Hey scoop!

Hi Bart!

least

it disguise
the the
Rules look on
the

Yeppa..that's the one. I have not seen it yet on the PC with the MW and the
filters you sent me. But, I'm still doing tests and research, so I keep one
PC set with OE settings only, and the other with the MW settings only.

I

am
finding the research on the OE more and more interesting as to what Rules
and Actions are listed, and what the actual results are when applying them.


Jan

Yes, The hands behind this swen thing are now reconfiguring swen bug to get
past filters, thus requiring more new filters.

I mentioned something along this line some time ago here, and got BOR
branded in my forehead. It was attributed to the various interactions of all
the many e-mail addys and such that Swen gleaned along the way. So, guess I
better polish up the BOR on the 'ol forehead. I know someone will want to
add an underline. ;-))

Regards,
Jan

 

[null]

Barrrt! Now how can you say that? Didn't they teach you Biology in junior
high? There is something to be gained from a dead horse...or
frog.....although, I do find the scorpion much more interesting.....ya just
gotta watch out for the tail. I'm being good and protecting my homestead
backyard with a proper fence and Venus Flytrap (MW). So...can't I be curious
about the white rabbit and the other side of the looking glass from another
venue? Where's your sense of adventure? ;-)))

Jan

Where's yours? Why remain stuck in the M$ internet app rut? There are
sane apps available (and free ones) which have been designed with
security in mind. Doesn't it make sense to try them out?


Art
http://www.epix.net/~artnpeg

 

[Bart Bailey]

In Message-ID:<Vlmlb.72479$vj2.52633@fed1read06> posted on Tue, 21 Oct

Barrrt! Now how can you say that? Didn't they teach you Biology in junior
high? There is something to be gained from a dead horse...or
frog.....although, I do find the scorpion much more interesting.....ya just
gotta watch out for the tail. I'm being good and protecting my homestead
backyard with a proper fence and Venus Flytrap (MW). So...can't I be curious
about the white rabbit and the other side of the looking glass from another
venue? Where's your sense of adventure? ;-)))

An intrepid sense of adventure is fine,
but when leads you to chase that rabbit through the paddock,
don't complain when you trip and land in something. ;-)

 

[Jan Il]

Hi Art!

Where's yours? Why remain stuck in the M$ internet app rut? There are
sane apps available (and free ones) which have been designed with
security in mind. Doesn't it make sense to try them out?

Yeah... I know....and I have thought seriously about some apps I've gotten
expert advice on. But, I've had a bit of problems with some of that
information
and advice, thus, it's not that I'm *stuck* in the MS rut, I'm just a tad
leery of
diving head first into a swimming hole without first checking to see just
how
deep it is and what all is hidden under the water. As far as security is
concerned, well...ahmm...let's just say that, if someone *really* wants
to know about ya, they'll find a way, no matter if you use a phony or
foreign
addy. Yeppers...even from right here....

'k..now...since you brought the subject up, name a few apps (free will do
nicely) and I'll have a look see. If I find one I might like, I'll try it.
Fair 'nuf? ;-))

Jan

 

[Jan Il]

In Message-ID:<Vlmlb.72479$vj2.52633@fed1read06> posted on Tue, 21 Oct


An intrepid sense of adventure is fine,
but when leads you to chase that rabbit through the paddock,
don't complain when you trip and land in something. ;-)

I know....'k....so..I'll leave the white rabbit for another time....(sigh)

Just couldn't resist running the stick across the fence rails to see if you
were still awake. <bg> But, being a Texas gal, I do know the difference
'tween a horse heave, a meadow muffin and a bunny boogle. And, one of the
first important lessons I learned as a kid was, ya don't ever go in the
paddock on foot... ;-)))

Jan

 

[null]

Hi Art!

Yeah... I know....and I have thought seriously about some apps I've gotten
expert advice on. But, I've had a bit of problems with some of that
information
and advice, thus, it's not that I'm *stuck* in the MS rut, I'm just a tad
leery of
diving head first into a swimming hole without first checking to see just
how
deep it is and what all is hidden under the water. As far as security is
concerned, well...ahmm...let's just say that, if someone *really* wants
to know about ya, they'll find a way, no matter if you use a phony or
foreign
addy. Yeppers...even from right here....

I don't have in mind so much personal info security as much as I'm
thinking of malware security (prevention of infestations). After all,
this is a antivirus n.g.

'k..now...since you brought the subject up, name a few apps (free will do
nicely) and I'll have a look see. If I find one I might like, I'll try it.
Fair 'nuf? ;-))

I don't use anything but free since there's an excellent selection.
I've used Pegasus for email and Free Agent for newsgroups for many
years. You can use Pegasus without concern for malware at all. It's
bullet proof. Free Agent is also quite safe.

More recently, because of a problem on my particular PC with Pegasus,
I'm using the email feature of Mozilla 1.5 (the latest release). So
far as I can tell so far, it's pretty safe to use. It won't allow you
to run attackments and it defaults to not having Java Script enabled
in email.

There are other good apps which have been designed with malware
security in mind as well. But these suggestions should keep you busy
enough for awhile if you want to give them a shot.

Certainly give Mozilla and/or Firebird (for browsing) a try if you
haven't.


Art
http://www.epix.net/~artnpeg

 

[Jan Il]

I don't have in mind so much personal info security as much as I'm
thinking of malware security (prevention of infestations). After all,
this is a antivirus n.g.

Ohhh...yeah.../that/ security...sorry...there are so many kinds that some
programs deal with. I was thinking of the kind that gets on your PC and
then sends stuff back out, like your banking info, any personal info you
might have on your computer....yeah....that kind...see? That is why I have
ZoneAlarm, and run SpyBot and AdAware every day, especially right after I
have to go on the Internet.

it. Fair 'nuf? ;-))

I don't use anything but free since there's an excellent selection.
I've used Pegasus for email and Free Agent for newsgroups for many
years. You can use Pegasus without concern for malware at all. It's
bullet proof. Free Agent is also quite safe.

More recently, because of a problem on my particular PC with Pegasus,
I'm using the email feature of Mozilla 1.5 (the latest release). So
far as I can tell so far, it's pretty safe to use. It won't allow you
to run attachments and it defaults to not having Java Script enabled
in email.

Yes...I have heard many good things about Free Agent, and Mozilla. Pegasus
has also been mentioned, but, perhaps a bit much. I guess it depends on what
you need, or want. In addition to my regular job, I'm also an Access
database and custom graphics developer, which I do from home, and I have to
be able to send and receive attachments to/from clients, as well as family.
So there are some important areas of various program restrictions and
asettings that I really have to take into consideration. But, just to be
fair,
I will review this one as well.

There are other good apps which have been designed with malware
security in mind as well. But these suggestions should keep you busy
enough for awhile if you want to give them a shot.

Certainly give Mozilla and/or Firebird (for browsing) a try if you
haven't.

'k...thanks Art. Haven't heard that much about Firebird.....but, I'll check
it out too. I do appreciate the info and I'll follow up with it. Brownie's
honor. ;-))

Jan