when will it stop ?

[Scott Tyler]

I've gone from 1 "microsoft patch" message a month..to 1 a week...to 1 a
day...to 30 a day..

even though anitvirus catches them..what is the answer ?

change email addys ?


this is stupid.

 

[Stephen Green]

I've gone from 1 "microsoft patch" message a month..to 1 a week...to 1 a
day...to 30 a day..

even though anitvirus catches them..what is the answer ?

change email addys ?


this is stupid.

==================================================

It is more than stupid, it is irresponsibility on the part of ISPs. Seems to
me that on discovery of this problem appropriate filters could be put in
place to kill both incoming and out going msgs.

I clearly don't understand why this is happening and what gets me even more
is that the news services haven't even picked up on the problem.

While one would hope that the 'authorities' would key into this issue, it
seems they are not interested.

The idiot(s) who spawned this attack should be caught, strung up on a strong
tree limb of every city in the world and recieve 20 hard lashes from a snake
whip! At the end, this idiot(s) should be slowly boiled in a large vat of
hot oil and fed to the rats!

 

[Vector Viper]

I've gone from 1 "microsoft patch" message a month..to 1 a week...to 1 a
day...to 30 a day..

even though anitvirus catches them..what is the answer ?

change email addys ?


this is stupid.

My god, I have over 500 messages myself, 99% are "undeleverable" mail
notices from
adresses I don't know, and those $#^#$ MS security paches......
I'm glad I'm not the only one, but man, where is this crap coming from?!?!?!

Death to spammers!!

Viper

 

[Frans Meijer]

It is more than stupid, it is irresponsibility on the part of ISPs. Seems to
me that on discovery of this problem appropriate filters could be put in
place to kill both incoming and out going msgs.

This is not the responsibility of the ISP's, but that of the virus
creator *and* that of end-users executing the attachment.

I clearly don't understand why this is happening and what gets me even more
is that the news services haven't even picked up on the problem.

While one would hope that the 'authorities' would key into this issue, it
seems they are not interested.

This ones seems to take interest mostly in addresses it finds in
newsgroups. Apparently there aren't that many people posting there, and
with their real address) to make it a big issue for the media.

 

[David Carley]

I've gone from 1 "microsoft patch" message a month..to 1 a week...to 1 a
day...to 30 a day..

even though anitvirus catches them..what is the answer ?

change email addys ?


this is stupid.

This weekend, From Saturday 8:25am - Today (Sunday) I have recieved about
250 e-mail and 90 of them were from stupid people pretending to be
Microsoft.

David.

 

[Intruder9]

ISP's don't really care, when this first started I was receiving 1message
about every 15 minutes and contacted RR's technical help because honestly
guys somethings wrong here. I was directed to a site where I could read up
on spam and there headers and try to figure out this mess. I told the idiot
I had already done this and I did not consider it as my job when I was
paying them 45 a month to give me good service. He then asked me if there
was anything else he could help me out with!!!!!!!!!! What a crock I
politely told him he had not been one bit of help and stoped the
conversation before I said something I would regret, I was already fuming
before I talked to him, now I was boiling.

 

[John DeRosa]

I've gone from 1 "microsoft patch" message a month..to 1 a week...to 1 a
day...to 30 a day..

even though anitvirus catches them..what is the answer ?

change email addys ?


this is stupid.

Another irritating thing about this virus is that normal "bounce" messages will
be marked as spam from now on by many (most?) (all?) of the anti-spam software
out there.

I run Mozilla, and have been training it to recognize these bounce messages as
spam. It's catching over 90% of them, and only a few variants get through to my
Inbox.

But when all this is over, my filter will have been trained to mark any such
bounce message as spam --- even, of course, if it is legitimately a valid bounce
message that I would want to see.

So the choices will be, remove these from my filter (can't do this in Mozilla
now -- there's now way to edit the training set), leaving me open to the virus
again, or hope that ISPs change the content of their bounce messages (doubtful),
or have less trust in my spam filter...

Grumble...

 

[scoopdamedia]

Seems to be slowing down, from where I am in NYC. Maybe after the weekend,
internet honchos will go into jobs Monday morning and start to brew
something up to finally end this event. Cross our fingers.

 

[Beauregard T. Shagnasty]

Vector Viper pounced upon this pigeonhole and pronounced:

Death to spammers!!

Hey, I'll agree with that.

But SWEN is not coming from spammers. It's coming from clueless users with
unprotected computers and lack of common sense.

http://www.vigilante.com/inetsecurity/socialengineering.htm
"Social engineering can be regarded as "people hacking"." ...

 

[FromTheRafters]

...He then asked me if there was anything else he could help me out with!!!!!!!!!!

Personally, I would like to shake that persons hand.
Excellent work whoever he was....

I'm not suggesting that the ISPs are not supposed to do
anything, but that the phone support people have a job
to do as well, and this was a classic move ~ well executed. ;o)

 

[FromTheRafters]

But when all this is over....

As long as invalid addresses are harvestable, this aspect
will not be over. Bouncing is a legitimate function as you
know, and some worms even manufacture their very own
invalid addresses by concatenating address fragments, so
harvesting of invalids is not the only issue.

....it will be over when enough users become clueful,
i.e. probably never.

 

[Marc]

I have received over 40 of these "Microsoft" patches in the past 12 hours.

Pretty frustrating!

 

[Jeffrey A. Setaro]

I have received over 40 of these "Microsoft" patches in the past 12 hours.

Only 40? Consider yourself lucky... I'm averaging 200-300 a day.

Pretty frustrating!

Nah... It's damned annoying.

--
Cheers-

Jeff Setaro
jasetaro <at> mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

 

[Bart Bailey]

Only 40? Consider yourself lucky... I'm averaging 200-300 a day.


Nah... It's damned annoying.

Hey Jeff;

I noticed your addy as well as many of the regulars in the "to" list on
one of those mails today. It was ostensibly addressed to Chris but had
some thirty or more familiar addys. Of course it wouldn't be complete
without the 152kb lagniappe. <g>

 

[James Egan]

I noticed your addy as well as many of the regulars in the "to" list on
one of those mails today. It was ostensibly addressed to Chris but had
some thirty or more familiar addys. Of course it wouldn't be complete
without the 152kb lagniappe. <g>

I've been >1000 today as opposed to <1000 previously. What's keeping
this worm going when the last one fizzled out after a few days?


Jim.

 

[Heather]

I've been >1000 today as opposed to <1000 previously. What's keeping
this worm going when the last one fizzled out after a few days?

Wasn't the last one programmed to self-destruct in a few days???

HF

 

[Jeffrey A. Setaro]

I've been >1000 today as opposed to <1000 previously. What's keeping
this worm going when the last one fizzled out after a few days?

Swen harvests addesses from HTML, ASP, EML, DBX, WAB, & MBX files as
well as from news servers. With that many potential sources and the
never ending supply clueless users we're going living with Swen for
awhile.

I'm trying to get my ISP to start filtering out Swen. As it is their
gateway scanner strips the attachment and and sends the body of the
message on.

--
Cheers-

Jeff Setaro
jasetaro <at> mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

 

[Jeffrey A. Setaro]

Wasn't the last one programmed to self-destruct in a few days???

Sort of... Sobig.F was programmed to stop spreading on September 10th.
There's still a whole bunch of infected machines out their though.

--
Cheers-

Jeff Setaro
jasetaro <at> mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

 

[Jeffrey A. Setaro]

Hey Jeff;

I noticed your addy as well as many of the regulars in the "to" list on
one of those mails today. It was ostensibly addressed to Chris but had
some thirty or more familiar addys. Of course it wouldn't be complete
without the 152kb lagniappe. <g>

I saw that... I don't think that message was generated by the virus
though.

--
Cheers-

Jeff Setaro
jasetaro <at> mags.net
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

 

[GSV Three Minds in a Can]

I've been >1000 today as opposed to <1000 previously. What's keeping
this worm going when the last one fizzled out after a few days?

User stupidity, plus it's mining a whole bunch of email addresses (from
usenet) which have probably not been hit before, plus it spreads via
Kazaa, and open network shares (can you say 'Plonkers'!) plus every
infected PC sends you two (at least) emails.

Still I'm down from ~1300 Saturday (~300 of which got through) to ~1000
Sunday (~10 got through), to ?? (results not yet in) Monday.