Re: Why such volume with W32/Swen@MM?

From: Chad M Stewart (cms_at_balius.com)
Date: 09/21/03

    Date: Sun, 21 Sep 2003 09:43:01 -0400
    To: Bill Moseley <moseley@hank.org>
    
    

    I'm finding similar things here. I've had my domain a number of years
    and this is the first time I've been affected by an M$ email worm.
    Usually I sit back and laugh, but not this time. I'm new to the
    debian-* lists and recently posted for the first time. All of the
    copies of the virus have been to a single email of mine, the address
    which I'm sending from now. Nor have I gotten a single copy of this at
    work, which I've had for 3+ years. Though I've never posted to usenet
    or debian lists using that address. Though I do post regularly to a
    public mailing list via work and home, though it is not relayed to
    usenet.

    I've also got my wife, mother, and brother-in-law on my mail server,
    they have gotten *zero* copies of this virus.

    Reading what others have been reporting, I'm really starting to suspect
    debian-* lists, or more likely the usenet copy of such data, as being
    the source for getting recipients.

    I also wonder if some of the zombies that spammers use to blast out
    msgs might have been compromised by this virus as well.

    I'm really thinking about the passive OpenBSD firewall option to block
    Windoze machines from talking to my SMTP server. :-)

    Regards,
    Chad

    On Saturday, September 20, 2003, at 09:49 PM, Bill Moseley wrote:

    > I'm curious why I'm getting so many of these viruses sent to me. On
    > various technical lists I've read of lots of people that are getting
    > hammered by the mail, too.
    >
    > From the descriptions I've read of W32/Swen@MM it mails itself to
    > "recipients extracted from the victim machine", yet I'm seeing so many
    > of these to my personal email address alone that I can't believe my
    > address is listed on that many machines. Today I got about 300 alone
    > sent to just one address. Others I've talked with about this (non-geek
    > internet users) are not seeing so much of the virus, if at all.
    >
    > The viruses are all coming from Windows machines, right? It just seems
    > odd that my address would be on that many (cluelessly-run) Windows
    > machines considering what lists I'm on.
    >
    > I'm also not on IRC or any of the other ways for it to spread.
    >
    > Anyone getting hit hard by this and understand why?
    >
    >
    > --
    > Bill Moseley
    > moseley@hank.org
    >
    >
    > --
    > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
    > with a subject of "unsubscribe". Trouble? Contact
    > listmaster@lists.debian.org
    >

    
