[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [APD] RE: Viruses and worms.

I know this is getting pretty off topic here, but please, please try and
avoid getting this virus.

The one you describe is called Swen or Gibe depending which AV product you
Symantec has a writeup on it here:
http://www.sarc.com/avcenter/venc/data/w32_swen.a at mm.html
And a removal tool here:
http://www.sarc.com/avcenter/venc/data/w32_swen.a at mm.removal.tool.html

I'm the email admin for an ISP and in the last few weeks i've seen infected
users generate over 40,000 emails a hour from this thing (that's over 6GB of
mail per hour).  It also preys on a M$ Explorer exploit to autorun the code
even without opening the attachment.

If you have even the slightest thought that you may be infected please run
the removal tool.....it only takes a few minutes and may save another poor
email admin somewhere from a few grey hairs.  As always it's a good idea to
keep your system updated with all the latest patches off M$'s windows update

Theother virus out there right now that's causing many ISP's headaches is
Welchia or Nachi.  Guaranteed if you didn't apply M$'s RPC patch to your
system and you don't have a hardware based firewall/router....you're
infected.  Very few people who are infected with this one see any symptoms.
The removal tool is here:
please run it too, but make sure you patch your system first or you'll
simply get reinfected in the time it takes you to clean it and then go to
M$'s site.

I hear our help desk was taking a bunch of calls on a new virus today,
Qhosts, that messes with your DNS settings and apparently prevents access to
M$'s windowsupdate site, but that's another story.....

wishing the world all ran on linux......then i'd have more time to build
enclosures for my PC lights that came in this week from AHS :)

----- Original Message ----- 
From: "S. Hieber" <shieber at yahoo_com>
To: "aquatic plants digest" <aquatic-plants at actwin_com>
Sent: Friday, October 03, 2003 6:59 PM
Subject: Re: [APD] RE: Viruses and worms.

> Your emai address can be hijacked from any address book the
> virus comes across, not just your address book, but any
> that has it.
> Using addresses it finds on it's way is one method of
> making a virus package seem like it's coming form someone
> you know.  You might even get a fake message purporting to
> be from you!
> sh
> --- Christina Marie Thompson <cmthmpsn at mindspring_com
> > > So my
> > conclusion is that somehow my e-mail address has been
> > hijacked from
> > outside my system and someone(s) is both sending these
> > bogus messages to
> > me AND is faking my address as the sending address to
> > continue the spam.
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Shopping - with improved product search
> http://shopping.yahoo.com
> _______________________________________________
> Aquatic-Plants mailing list
> Aquatic-Plants at actwin_com
> http://www.actwin.com/mailman/listinfo.cgi/aquatic-plants

Aquatic-Plants mailing list
Aquatic-Plants at actwin_com