SCOUG Logo


Next Meeting: Sat, TBD
Meeting Directions

Be a Member
Join SCOUG

Navigation:


Help with Searching

20 Most Recent Documents
Search Archives
Index by date, title, author, category.

Features:

Mr. Know-It-All
Ink
Download!




SCOUG:

Home

Email Lists

SIGs (Internet, General Interest, Programming, Network, more..)

Online Chats

Business

Past Presentations

Credits

Submissions

Contact SCOUG

Copyright SCOUG


warp expowest
Pictures from Sept. 1999
The views expressed in articles on this site are those of their authors.

warptech
SCOUG was there!

Copyright 1998-2024, Southern California OS/2 User Group. ALL RIGHTS RESERVED.

SCOUG, Warp Expo West, and Warpfest are trademarks of the Southern California OS/2 User Group. OS/2, Workplace Shell, and IBM are registered trademarks of International Business Machines Corporation. All other trademarks remain the property of their respective owners.

The Southern California OS/2 User Group
USA

SCOUG-HELP Mailing List Archives

Return to [ 26 | September | 2003 ]

<< Previous Message << >> Next Message >>

Date: Fri, 26 Sep 2003 08:04:26 PDT7
From: Peter Skye <pskye@peterskye.com >
Reply-To: scoug-help@scoug.com
To: scoug-help@scoug.com
Subject: SCOUG-Help: Which virus emails are you getting ?

Content Type: text/plain

=====================================================
If you are responding to someone asking for help who
may not be a member of this list, be sure to use the
REPLY TO ALL feature of your email program.
=====================================================

Peter Skye wrote:
>
> For those of you who are also getting this stuff, are you
> getting just Swen (which looks like a Microsoft update), just
> Exploit (which looks like an email bounceback), or both?

Update on this. I compared the attachments in these two different
groups of messages and they're all the same.

So I extracted the base64 attachment and decoded it with uudeview, and
found the Microsoft "Swen" virus html and executable embedded in it.

What's apparently happening is that when this virus runs on a Windows
machine it spoofs someone else's email address as the sender. Thus, if
the recipient address is invalid and the message bounces, it is returned
to the spoofed "sender". I've read elsewhere that spoofing is often
done by using the infected machine's email address book or the addresses
from recently received emails.

That's apparently why I'm getting these two different virus messages --
102 of them (at 150K each) between 6pm last night and right now.

- Peter

=====================================================

To unsubscribe from this list, send an email message
to "steward@scoug.com". In the body of the message,
put the command "unsubscribe scoug-help".

For problems, contact the list owner at
"rollin@scoug.com".

=====================================================

<< Previous Message << >> Next Message >>

Return to [ 26 | September | 2003 ]

The Southern California OS/2 User Group
P.O. Box 26904
Santa Ana, CA 92799-6904, USA

Copyright 2001 the Southern California OS/2 User Group. ALL RIGHTS RESERVED.

SCOUG, Warp Expo West, and Warpfest are trademarks of the Southern California OS/2 User Group. OS/2, Workplace Shell, and IBM are registered trademarks of International Business Machines Corporation. All other trademarks remain the property of their respective owners.