SWEN.A

  • Thread starter Thread starter Per Münster
  • Start date Start date
P

Per Münster

Hello,

I run two mail-adresses, and depending on the computer I have used for
accessing news-servers I have used one of these two addresses as the
reply-address.

However both e-mails have in turn taken noumerous mails of spam regarding
fake securityupdates from Microsoft and so on. All mails with virus have
been cleaned off in a hosted viruswall.

I do have a feeling that the two addresses have been found in newsgroups -
which is why I now mask out a none existend e-mail-address. Can anyone
confirm this theory?

Regards

Per Münster
 
It's an interesting question. According to the descriptions of how Swen
works, once it's on a machine it searches for any email addresses it can
find so as to broaden its search for victims.

But I have four email addresses, and the only one that's getting Swenned is
the one that I've used for the past couple of years exclusively for news
groups. (That makes the assault very easy to handle -- I just have Outlook
delete everything that comes into that box.) Another box that gets a lot
of the usual viagra/penis enlargement/etc. spam hasn't received a single
Swen attack.

The fact that I keep getting messages in the one box but it hasn't spread to
the others leads me to think Swen is having trouble spreading -- maybe
because a lot of PCs are already defended with AV and browser patches. Some
infected machines somewhere have been spewing the stuff for days, but it
looks as if my count today will be lower than yesterday, so it seems to be
tapering off.

Garry
 
Per Münster said:
Hello,

I run two mail-adresses, and depending on the computer I have used for
accessing news-servers I have used one of these two addresses as the
reply-address.

However both e-mails have in turn taken noumerous mails of spam regarding
fake securityupdates from Microsoft and so on. All mails with virus have
been cleaned off in a hosted viruswall.

I do have a feeling that the two addresses have been found in newsgroups -
which is why I now mask out a none existend e-mail-address. Can anyone
confirm this theory?
Click to expand...

Swen worm does indeed harvest from newsgroup postings.
 
Yes,

That is the description I read. It picks up target e-mail addresses from
news groups.

Dan
 
Hallo Garry!

This somehow confirms my theory, because the address that startet catching
the SWEN-thing was in no other way public, than being presentet on the mails
I sent to news-groups.

The one now taking trouble was additionally presented on my website (this
takes about 5000 hits until now in September), and this does not make it
VERY public.

Regards

Per Münster

<no e-mail-address presentet here any more ;-) >
 
Back
Top