Re: [Full-Disclosure] Swen Really Sucks
- To: "Kye Lewis" <kye@xxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Swen Really Sucks
- From: "Mary Landesman" <mlande@xxxxxxxxxxxxx>
- Date: Fri, 26 Sep 2003 11:07:11 -0400
Swen does not only compose email pretending to be a patch from Microsoft. It
also composes email pretending to be a bounced message. There are various
renditions of the false 'return to sender'. A couple of examples follow:
-----------------------------------------
Hi.
I'm afraid I wasn't able to deliver your message to one or more
destinations.
Undeliverable mail to ykhytbgqcg@xxxxxxxxxxx
------------------------------------------
I'm sorry to have to inform you that the message returned below could not be
delivered to one or more destinations.
Undeliverable message to sxlpvjk@xxxxxxxxxxx
------------------------------------------
Undelivered mail to pdijepslaw@xxxxxxxxxxx
Message follows:
-----------------------------------------
F-Secure has a complete list at:
http://www.f-secure.com/v-descs/swen.shtml
Regards,
Mary Landesman
Antivirus About.com Guide
http://antivirus.about.com
----- Original Message -----
From: "Kye Lewis" <kye@xxxxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Cc: "Craig Pratt" <craig@xxxxxxxxxxxxxx>
Sent: Friday, September 26, 2003 10:03 AM
Subject: Re: [Full-Disclosure] Swen Really Sucks
[..]
> So, has anyone actually sent mail to an envelope sender to see if
> they're actually infected? Or is it possible this thing just likes to
> fake the same sender for all outgoing messages?
Seeing that I have a collection of around 2000 unique and believable
return-paths from this virus, it seems quite likely that they're legitimate.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
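A mail-filter check built on the bounce wording quoted in the message above, as an added example that is not part of the original thread. It assumes the worm's copy travels as an executable attachment at the top level of the mail, which this message does not state; the extension list, file names and addresses are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Wording from the lures quoted in the message above.
BOUNCE_WORDING = re.compile(
    r"undeliver(?:able|ed) (?:mail|message) to"
    r"|wasn't able to deliver your message|could not be\s+delivered", re.I)
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed extension list


def top_level_parts(msg):
    """Yield leaf parts without descending into a returned message/rfc822 copy."""
    if msg.get_content_type() == "message/rfc822" or not msg.is_multipart():
        yield msg
    else:
        for part in msg.get_payload():
            yield from top_level_parts(part)


def classify(raw):
    """Label a raw mail: not-a-bounce, plausible-bounce or suspicious-bounce."""
    msg = message_from_string(raw)
    text, executable = msg.get("Subject", ""), False
    for part in top_level_parts(msg):
        if part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload(decode=True).decode("latin-1")
        # A real bounce carries the original inside message/rfc822, not as a bare program.
        if (part.get_filename() or "").lower().endswith(EXECUTABLE_EXT):
            executable = True
    if not BOUNCE_WORDING.search(text):
        return "not-a-bounce"
    return "suspicious-bounce" if executable else "plausible-bounce"


def build_sample(body, attachment=None, returned=None):
    """Constructed test mail; not a captured Swen message."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    if returned is not None:
        m.add_attachment(returned)  # attached as message/rfc822
    return m


LURE = "Undelivered mail to user@example.invalid\nMessage follows:"
FAKE_BOUNCE = build_sample(LURE, attachment="constructed.exe").as_string()
REAL_BOUNCE = build_sample(LURE, returned=build_sample("hi", "constructed.exe")).as_string()
ORDINARY = build_sample("Lunch at noon?", attachment="constructed.exe").as_string()
```

The wording match alone cannot tell a forged bounce from a real one, which is why the result depends on where the executable sits in the MIME tree.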