Thoughts on MS virus....


Heather

I am noticing that I get a Swen MS Patch.......it is immediately
followed by a bounce message. They seem to come in pairs.

When I check the headers of these pairs.......they always have the same
Return Path. I am not making any guesses or observations other than
this.....and I have been checking them for days.

Maybe it is a combination Return Path ... maybe it is like Klez with
the infected computer in the RP......but rather imagine it is the
former.

Any thoughts??

Heather
 
Bitstring
from the said:
I am noticing that I get a Swen MS Patch.......it is immediately
followed by a bounce message. They seem to come in pairs.

When I check the headers of these pairs.......they always have the same
Return Path. I am not making any guesses or observations other than
this.....and I have been checking them for days.

AIUI this is the same infected PC trying to get to you two different
ways - the 'gibe.b' method (please turn your brain off and install this
alleged SM patch), and the 'malformed MIME header' exploit (used by all
sorts of things) which disguises a .scr file as a .wav, and hopes you'll
open it in a preview window on an un-patched (>2 years old!) version of
OE6.
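
The two observations in this thread (paired messages sharing a Return Path, and an attachment declared as audio but named .scr) can be checked mechanically. The following is an added example, not part of the original posts; the extension watch list, function names and sample messages are constructed assumptions.

```python
import email
from email import policy
from collections import defaultdict

EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat"}  # assumed watch list
HARMLESS_MAINTYPES = {"audio", "image", "video", "text"}

def mismatched_parts(raw):
    """Parts declared as harmless media whose filename is executable."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename() or ""  # falls back to Content-Type name=
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXECUTABLE_EXTS and part.get_content_maintype() in HARMLESS_MAINTYPES:
            hits.append((part.get_content_type(), name))
    return hits

def group_by_return_path(raw_messages):
    """Map each Return-Path to the (subject, mismatches) of its messages."""
    groups = defaultdict(list)
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        rp = str(msg.get("Return-Path", "")).strip().strip("<>").lower()
        groups[rp].append((str(msg.get("Subject", "")), mismatched_parts(raw)))
    return dict(groups)

# Constructed sample messages (not taken from the thread).
HEAD = "Return-Path: <user@infected.example>\nMIME-Version: 1.0\n"
FAKE_PATCH = HEAD + """\
Subject: Security patch
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: application/octet-stream; name="patch.exe"

AAAA
--b--
"""
FAKE_BOUNCE = HEAD + """\
Subject: Undeliverable mail
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: audio/x-wav; name="notice.scr"

AAAA
--b--
"""
```

Calling `group_by_return_path([FAKE_PATCH, FAKE_BOUNCE])` puts both messages under one Return-Path, and only the fake bounce reports a type/extension mismatch.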
 
Bitstring


AIUI this is the same infected PC trying to get to you two different
ways - the 'gibe.b' method (please turn your brain off and install this
alleged SM patch), and the 'malformed MIME header' exploit (used by all
sorts of things) which disguises a .scr file as a .wav, and hopes you'll
open it in a preview window on an un-patched (>2 years old!) version of
OE6.

Aha! I have been getting almost all of my Swen virus attempts in pairs, a
few minutes apart. Since my ISP cleans the attachment, or in this
case deletes the attachment, I haven't been looking at that detail.
Thanks for the explanation.
 
GSV Three Minds in a Can said:


AIUI this is the same infected PC trying to get to you two different
ways - the 'gibe.b' method (please turn your brain off and install this
alleged SM patch), and the 'malformed MIME header' exploit (used by all
sorts of things) which disguises a .scr file as a .wav, and hopes you'll
open it in a preview window on an un-patched (>2 years old!) version of
OE6.

Thanks my dear.......I was watching this for a few days and noticed the
similarity to Klez......but wasn't sure if these were the real addresses
of the infected computer, or a combination address as in later viruses.

I appreciate the explanation as well......and I have a fully patched OE6
with all the requisite anti-virus tweaks. I use EZ Trust, so it doesn't
go off when they are downloading.....plus it gives me the opportunity to
check the headers.

Cheers.....Heather
 