SCOUG-HELP Mailing List Archives
Return to [ 10 | February | 2004 ]
 
Ray, I also found an old SCOUG post from Peter Skye that addresses email   
filters that can be used for the Swen virus, since it uses a lot of address   
and subject variations. I think it has since added more levels of variation.   
The filters below assume two words, randomly selected, for the "from" and   
"subject" fields, but I think it's currently up to 4 random words. Once you   
get infected and send out emails, you apparently get added to address lists   
of others who get the virus and they all start sending you emails addressed   
as shown below, in a chain letter pyramid fashion.   
 
Wayne   
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>  
 
 
Swen has several tables from which it randomly chooses To,  
From and Subject.  Note that Swen creates *two* messages --  
an HTML-formatted message ostensibly from Microsoft and a  
pseudo-bounceback message.   
 
The following three filter tables have worked quite well  
here for several weeks.  They're formatted for the email  
client I use (Netscape 2.02) but should be easy to convert  
to any other format.  The first field is the folder which  
the message is filtered to, the second field is the header  
line to check, and the third field is the string to be  
matched in the header line.   
 
Swen-Virus-1  To  @emaildomain.com  
Swen-Virus-1  To  @emaildomain.net  
Swen-Virus-1  To  @emailserver.com  
Swen-Virus-1  To  @emailserver.net  
Swen-Virus-1  To  @homedomain.com  
Swen-Virus-1  To  @homedomain.net  
Swen-Virus-1  To  @homeserver.com  
Swen-Virus-1  To  @homeserver.net  
Swen-Virus-1  To  @maildomain.com  
Swen-Virus-1  To  @maildomain.net  
Swen-Virus-1  To  @mailserver.com  
Swen-Virus-1  To  @mailserver.net  
Swen-Virus-1  To  @mxdomain.com  
Swen-Virus-1  To  @mxdomain.net  
Swen-Virus-1  To  @mxserver.com  
Swen-Virus-1  To  @mxserver.net  
Swen-Virus-1  To  @smtpdomain.com  
Swen-Virus-1  To  @smtpdomain.net  
Swen-Virus-1  To  @smtpserver.com  
Swen-Virus-1  To  @smtpserver.net  
Swen-Virus-1  To  @yourdomain.com  
Swen-Virus-1  To  @yourdomain.net  
Swen-Virus-1  To  @yourserver.com  
Swen-Virus-1  To  @yourserver.net   
 
Swen-Virus-2  From  Customer Assistance  
Swen-Virus-2  From  Customer Bulletin  
Swen-Virus-2  From  Customer Center  
Swen-Virus-2  From  Customer Department  
Swen-Virus-2  From  Customer Division  
Swen-Virus-2  From  Customer Section  
Swen-Virus-2  From  Customer Service  
Swen-Virus-2  From  Customer Services  
Swen-Virus-2  From  Customer Support  
Swen-Virus-2  From  Email Assistance  
Swen-Virus-2  From  Email Bulletin  
Swen-Virus-2  From  Email Center  
Swen-Virus-2  From  Email Department  
Swen-Virus-2  From  Email Division  
Swen-Virus-2  From  Email Section  
Swen-Virus-2  From  Email Service  
Swen-Virus-2  From  Email Services  
Swen-Virus-2  From  Email Support  
Swen-Virus-2  From  Public Assistance  
Swen-Virus-2  From  Public Bulletin  
Swen-Virus-2  From  Public Center  
Swen-Virus-2  From  Public Department  
Swen-Virus-2  From  Public Division  
Swen-Virus-2  From  Public Section  
Swen-Virus-2  From  Public Service  
Swen-Virus-2  From  Public Services  
Swen-Virus-2  From  Public Support  
Swen-Virus-2  From  Security Assistance  
Swen-Virus-2  From  Security Bulletin  
Swen-Virus-2  From  Security Center  
Swen-Virus-2  From  Security Department  
Swen-Virus-2  From  Security Division  
Swen-Virus-2  From  Security Section  
Swen-Virus-2  From  Security Service  
Swen-Virus-2  From  Security Services  
Swen-Virus-2  From  Security Support  
Swen-Virus-2  From  Technical Assistance  
Swen-Virus-2  From  Technical Bulletin  
Swen-Virus-2  From  Technical Center  
Swen-Virus-2  From  Technical Department  
Swen-Virus-2  From  Technical Division  
Swen-Virus-2  From  Technical Section  
Swen-Virus-2  From  Technical Service  
Swen-Virus-2  From  Technical Services  
Swen-Virus-2  From  Technical Support   
 
Swen-Virus-3  Subject  Critical Pack  
Swen-Virus-3  Subject  Critical Patch  
Swen-Virus-3  Subject  Critical Update  
Swen-Virus-3  Subject  Critical Upgrade  
Swen-Virus-3  Subject  Net Pack  
Swen-Virus-3  Subject  Net Patch  
Swen-Virus-3  Subject  Net Update  
Swen-Virus-3  Subject  Net Upgrade  
Swen-Virus-3  Subject  Network Pack  
Swen-Virus-3  Subject  Network Patch  
Swen-Virus-3  Subject  Network Update  
Swen-Virus-3  Subject  Network Upgrade  
Swen-Virus-3  Subject  Security Pack  
Swen-Virus-3  Subject  Security Patch  
Swen-Virus-3  Subject  Security Update  
Swen-Virus-3  Subject  Security Upgrade   
 
 - Peter  
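
The three filter tables above, factored into their underlying word lists and applied to parsed message headers. This is an added example, not part of the original post or of any mail client's filter format. The function name `swen_folder`, the sample messages, the case-insensitive matching and the whole-word matching (stricter than the substring match the tables describe, so that "Internet Update" is not caught by "Net Update") are assumptions made here.

```python
import re
from email import message_from_string, policy
from itertools import product

# Word lists factored out of the three filter tables in the post.
TO_DOMAINS = {f"{a}{b}.{tld}" for a, b, tld in product(
    ("email", "home", "mail", "mx", "smtp", "your"),
    ("domain", "server"), ("com", "net"))}              # 24 table rows

def two_words(first, second):
    """Regex for '<first> <second>' as whole words, case-insensitive (assumption)."""
    return re.compile(r"\b(?:%s)\s+(?:%s)\b"
                      % ("|".join(first), "|".join(second)), re.I)

FROM_RE = two_words(
    ("Customer", "Email", "Public", "Security", "Technical"),
    ("Assistance", "Bulletin", "Center", "Department", "Division",
     "Section", "Service", "Services", "Support"))      # 45 table rows
SUBJECT_RE = two_words(
    ("Critical", "Net", "Network", "Security"),
    ("Pack", "Patch", "Update", "Upgrade"))             # 16 table rows

def swen_folder(raw_message):
    """Return the folder the tables would file this message in, or None."""
    msg = message_from_string(raw_message, policy=policy.default)
    to = msg["To"]
    # Table 1: compare each recipient's domain, not a raw substring.
    if to is not None and any(a.domain.lower() in TO_DOMAINS for a in to.addresses):
        return "Swen-Virus-1"
    if FROM_RE.search(str(msg["From"] or "")):           # Table 2
        return "Swen-Virus-2"
    if SUBJECT_RE.search(str(msg["Subject"] or "")):     # Table 3
        return "Swen-Virus-3"
    return None

# Constructed sample messages (not captured traffic).
SAMPLES = {
    "bounce": "From: Postmaster <postmaster@example.org>\n"
              "To: someone@smtpserver.net\nSubject: Undeliverable mail\n\nbody\n",
    "fake_vendor": 'From: "MS Technical Services" <x@example.com>\n'
                   "To: bob@example.org\nSubject: Hello\n\nbody\n",
    "subject_only": "From: Alice <alice@example.org>\nTo: bob@example.org\n"
                    "Subject: Install this Critical Patch now\n\nbody\n",
    "clean": "From: Alice <alice@example.org>\nTo: bob@example.org\n"
             "Subject: Internet Update schedule\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", swen_folder(raw))
```
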
 