Re: Some help for my grandson

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 10/11/04


Date: Mon, 11 Oct 2004 01:09:11 -0400

This is a useful warning.

However, I don't think Jeff will be at risk.

Swen harvests email addresses from NNTP headers--i.e. emails of folks
actually posting to NNTP with un-munged addresses.

So, since Doug munged, and Jeff's address didn't appear in a header, I think
they are ok.

OTOH, NNTP lore is rife with mentions of spammers harvesting addresses from
newsgroups--and they might do anything!

This link:

http://www.mcse.ms/archive118-2004-2-435223.html

contains one of Phil Weldon's posts giving clear details about Swen.

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:eKDBmC0rEHA.348@TK2MSFTNGP15.phx.gbl...
> I will leave that to you. You can forward this post to him ;-)
>
> Jeff can expect emails that will look and appear as patches from Microsoft. They are not
> from Microsoft as Microsoft will *never* send unsolicited patches to anybody. They will
> have 134~156KB attachments and the email should be deleted.
> He can also expect Failed Mail emails sent to him from people he does not know. They will
> have 134~156KB attachments. They should be deleted.
>
> I also suggest...
> AVAST - http://www.avast.com/i_idt_1016.html - FREE
> AVG - http://www.grisoft.com/us/us_dwnl_free.php - FREE
> CA eTrust - http://www.my-etrust.com/microsoft/index.cfm - FREE for one year.
> { Free offer expires 2/1/05 }
>
> Dave
>
>
>
> "Doug Mc" <NOSPAMdougandnancymcneill@chilitech.com> wrote in message
> news:Otcqy9zrEHA.2340@TK2MSFTNGP11.phx.gbl...
> | Thanks Dave,
> | I appreciate your warning. It never entered my mind - but should have.
> |
> | Can you tell him how to protect himself against my error??
> | Doug
> |
> |
> |
> | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> | news:O2syb5zrEHA.1036@TK2MSFTNGP10.phx.gbl...
> | > Doug:
> | >
> | > Some feedback --
> | > In actuality you did your Grandson, Jeff, a disservice by posting his email address,
> | > unmunged, in this News Group. The following is an example of a munged email address;
> | > DLipman~nospam~@Verizon.Net when you remove ~nospam~ you have the true email address.
> | > Here is the reason why...
> | >
> | > If you post to UseNet with your TRUE, not a munged, email address then you have invited the
> | > Swen Internet worm [aka; W32/Gibe-F] to visit you.
> | >
> | > The Swen is news spelled backwards. The reason it is called this is because the Swen worm
> | > harvests email addresses from UseNet News Groups. It has an engine that allows it to post
> | > itself to UseNet News Groups as well as it has its own email engine. From the list of
> | > email addresses that it has harvested, it will then email itself to those addresses.
> | >
> | > W32/Swen@MM - http://vil.nai.com/vil/content/v_100662.htm
> | >
> | > W32.Swen.A@mm - http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html
> | >
> | > Dave
> | >
> | >
> | >
> | >
> | > "Doug Mc" <NOSPAMdougandnancymcneill@chilitech.com> wrote in message
> | > news:OclVuxzrEHA.868@TK2MSFTNGP10.phx.gbl...
> | > | Thanks Dave, I appreciate it.
> | > | Doug
> | >
> | >
> |
> |
>
>
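
The mail described in the quoted post (fake Microsoft patches and failed-mail notices, each with a 134~156KB attachment) can be flagged before anyone opens it. The following is an added example, not part of the thread or any vendor's tool; the keyword lists, the helper names and the reading of 1 KB as 1024 bytes are assumptions.

```python
from email.message import EmailMessage

# Size range quoted in the thread; treating 1 KB as 1024 bytes is an assumption.
MIN_BYTES, MAX_BYTES = 134 * 1024, 156 * 1024
# Constructed keyword lists (assumptions, not taken from real samples).
PATCH_HINTS = ("microsoft", "patch", "security update")
BOUNCE_HINTS = ("failed mail", "undeliverable", "returned mail")


def attachment_sizes(msg):
    """Decoded size in bytes of each attachment part of an EmailMessage."""
    return [len(part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()]


def triage(msg):
    """Return the reasons a message matches the description in the thread."""
    if not any(MIN_BYTES <= s <= MAX_BYTES for s in attachment_sizes(msg)):
        return []
    text = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    reasons = []
    if any(h in text for h in PATCH_HINTS):
        reasons.append("claims to be a Microsoft patch")
    if any(h in text for h in BOUNCE_HINTS):
        reasons.append("looks like a failed-mail notice")
    return reasons


def make_sample(sender, subject, attach_kb=0):
    """Build a constructed test message; the attachment is inert zero bytes."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content("constructed sample body")
    if attach_kb:
        msg.add_attachment(bytes(attach_kb * 1024), maintype="application",
                           subtype="octet-stream", filename="sample.bin")
    return msg


if __name__ == "__main__":
    for m in (make_sample("Microsoft <ms@example.com>", "Latest patch", 140),
              make_sample("Postmaster <pm@example.net>", "Failed mail", 150),
              make_sample("Friend <f@example.org>", "Holiday photos", 140)):
        print(m["Subject"], "->", triage(m) or "no match")
```

To run it over stored mail, parse each message with `email.message_from_bytes(raw, policy=email.policy.default)` so that `iter_attachments()` is available.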


