swen subject line shift

  • Thread starter Thread starter RB
  • Start date Start date
R

RB

The Swen traffic I've gotten for the last several hours has shifted in the
subject line away from the security patch topic and now is all over the
place with different words, but which mean about the same.

This lets it slide around filter rules that were in place for the previous
subject line wording.
 
from the wonderful person RB said:
The Swen traffic I've gotten for the last several hours has shifted in the
subject line away from the security patch topic and now is all over the
place with different words, but which mean about the same.

This lets it slide around filter rules that were in place for the previous
subject line wording.
Click to expand...

Yes, it's basically unfilterable - you can get 50% of them by bouncing
anything with 'microsoft' in the subject, but the fake bounce message
still get through. Each attempt to infect seems to comprise one of each
(from the same infected machine to me). After the first 20 or 30 I
stopped bothering even to report them via spamcop (the originating IP
appears genuine).

It's amounting to a DoS attack on w/wide email, at the current rate.
8<,
 
Yes, it's basically unfilterable - you can get 50% of them by bouncing
anything with 'microsoft' in the subject, but the fake bounce message
still get through.
Click to expand...


I seemed to have eliminated 100% by simply filtering anything with an
attachment.
 
from the said:
I seemed to have eliminated 100% by simply filtering anything with an
attachment.
Click to expand...

Won't work for me, I get real emails with real attachments (from real
people) .. baby, bathwater, you know the rest. However at the current
rate (now ~300 in the last 16 hours) something drastic is going to get
done soon.
 
GSV Three Minds in a Can said:
attachment.

Won't work for me, I get real emails with real attachments (from real
people) .. baby, bathwater, you know the rest. However at the current
rate (now ~300 in the last 16 hours) something drastic is going to get
done soon.
Click to expand...
,
I tried with Outlook Express to filter out anything with an attachment. I
set the rule to delete any message with an attachment from the server. Here
is what the rule says:

Apply this rule after the message arrives
Where the message has an attachment
Delete it from server

It doesn't seem to work. I still get the messages.
Also the "Apply this rule after the message arrives" seems to be my only
option.
Am I missing something with Outlook Express except the obvious " Use another
email program."

Thanks,
Jim
 
RB said:
The Swen traffic I've gotten for the last several hours has shifted in the
subject line away from the security patch topic and now is all over the
place with different words, but which mean about the same.

This lets it slide around filter rules that were in place for the previous
subject line wording.
Click to expand...

I get all of them with the following Outlook rule:

Apply this rule after message arrives
with 'this is the latest version of security update' in the body
perminantly delete it
and stop processing more rules
 
from the wonderful person said:
I get all of them with the following Outlook rule:

Apply this rule after message arrives
with 'this is the latest version of security update' in the body
perminantly delete it
and stop processing more rules
Click to expand...

There are 1001 ways of stopping it IFF you download the bodies of the
damn things. For those of us not on broadband that isn't an option
though - need to filter on something in the header, before doing the
download. 8<,
 
There are 1001 ways of stopping it IFF you download the bodies of the
damn things. For those of us not on broadband that isn't an option
though - need to filter on something in the header, before doing the
download. 8<,
Click to expand...

For those of us that are not involved in a commercial venture and
seldom/never receive emails from 'new' people, using the address
book to approve everyone you know and reject everything else, works
fine.

BoB
 
For those of us that are not involved in a commercial venture and
seldom/never receive emails from 'new' people, using the address
book to approve everyone you know and reject everything else, works
fine.
Click to expand...


That's what I did. Got me a Hotmail account, activated the "exclusive"
mail rule and no Swen. None.
 
Back
Top