So how do we stop it? The "From" email addresses
for the bogus emails are not the infected machine.
I've been getting hammered with this junk for days.
Thanks to anyone that can offer help on stopping it.
We can't. At best we can stop ourselves getting infected. The
companies closer to the internet, like the ISPs and the relays have to
do it because otherwise it will propagate itself.
Sadly my own ISP is doing nothing. And I'm stuck with it because it's the
only broadband available here. I'm getting several per minute, and
it's already a week since the first ones started arriving last
Actually, try to find an ISP that intercepts the infected messages before
they reach your in box. My current ISP intercepts both infected messages and
I am getting intercepted viruses at the rate of about 20 - 30 a day for the
As long as you post to the usenet with a valid email address
you will get this crap. Other spam emails, too.
From what I've read on W32.swen-a@MM, the worm
in an infected computer looks in Outlook Express for
messages in the unpurged newsgroups. It scans the
messages looking for valid email structure ( firstname.lastname@example.org )
When it finds one, BAM! It pounds the crap out of it.
Fortunately, if you munge your address (like I have), the
worm will lose contact as the old messages (with the
valid address) get purged.
Will this worm ever die? Unlikely as there is always going
to be some internet newbie who doesn't run a virus scanner
program. Oughta be a law......
Swen also creates fake named copies of itself in a shared
KaZaA directory. You go hunting for Winamp, find it on
KaZaA, download it and double click on it. Wham!
Moral of the story:
Always do a virus scan on any incoming file or attachment!
NEVER open an attachment unless you were expecting it.
If someone wants to send you something, email them and
co-ordinate it so you know it's coming in. Then scan it
More info on this subject can be found on
for the bogus emails are not the infected machine.
I talked with my ISP and you can't. Just make sure you don't open any
attachments and have a Norton or like program on your computer. I tried
using some names to delete automatically but the program apparently chooses
random names and just keeps sending. At its height I was getting 50-100
messages each day. Now I get about one or two. It was what you call a
denial of service thing I guess.
Baloney. You CAN do one thing:
Alter your email address and add an all-caps word like SPAM
or SPAMMENOT or etc. before the isp in it. Like this:
Do NOT do it this way:
If you do it the second way, harvester bots will try to send the
spam/viruses/worms to that address. Since the server is
unaltered, it gets there, only to be rejected by the server as "user
unknown". But if that happens a lot it'll bog the server down.
If you do it the first way, the email dies on the net with a DNS
Another point - the words NOSPAM should not be used.
Why? Simple - that phrase is so common that the really good
harvester bots can see it and strip it out, restoring the email.
More info on this subject can be found at: news:alt.comp.virus
When I contacted my ISP about it I got the usual crap about not
opening attachments, using an anti-virus etc. They didn't understand
that this isn't the problem.
As you say, it's the other fools.
It doesn't matter whether I'm using Mac, Linux or Windows. I'm
protected with the latest up-to-date virus and firewall definitions
from Norton. I run a virus-scan every day.
And I'm getting them at a rate of two to four per minute. If it
averages three, that's over 4,000 per day. It takes less than an hour
to fill my 20 mbytes of disk storage at the ISP.
I'm losing _real_ email.
It's been happening for a whole week now, since last Thursday.
It's a denial of service attack on each and every email user in the
And apart from mentions on the BBC and CNN web pages a week ago that
described it as attacking Windows and Internet Explorer, I've seen
nothing in the media.
And nothing on my own ISP's web page although some of the others are
being more responsible.
Is somebody scared that reporting it might give other virus writers
ideas? I doubt it because anybody likely to do it knows far better
than you or I do, how the internet works. And has already seen the
chaos and lack of response from those who can fix it.
I can't realistically go to another ISP because I get my broadband
through the cable TV, and I'm too far from the nearest DSL.
I am *a*n*n*o*y*e*d*.
The way to stop this is for the infected machines' ISPs to filter for
it. That way they can
(a) stop it getting out
(b) identify the users who are infected.
It fakes the sender-address with one it finds on the infected machine,
and sends it to the ids it finds on it. In newsgroup files, email
address books etc. So regular newsgroup subscribers get hit hardest.
But it's been out there long enough to have found plenty of email
users as well.
We can't, but the infected machine's ISP can if their systems are set
up properly. They get an incoming from a dialup user or via their
cable TV net then they know it's come from inside their domain not
I'm killfiling on common to-names like "email recipient", common
subjects like the first two words of "security update", and common
from-names like "technical support". It took a couple of days to tune
and gets rid of most of them - but only at my machine when I'm
connected. When I'm not it fills up my storage at the ISP in a little
less than an hour.
Yah, I'm getting the same crap too........
I made mail rules for it, and anything coming in that is not to my address
exactly goes into the garbage,,, of course Norton cleans it out first...
I also have Norton scanning outgoing mail so I can help protect others from
my own e-mails..
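
The header filtering described in the two posts above (killfiling on common to-names, subjects and from-names, and discarding anything not addressed to the exact address), sketched as an added example that is not part of the thread. The mailbox address `me@example.org`, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

MY_ADDRESS = "me@example.org"  # assumption: the reader's real mailbox address

# Display names and subject prefix quoted in the thread.
BAD_TO_NAMES = {"email recipient"}
BAD_FROM_NAMES = {"technical support"}
BAD_SUBJECT_PREFIXES = ("security update",)

def reasons_to_drop(raw):
    """Return the rules a raw RFC 822 message trips (empty list = keep)."""
    msg = message_from_string(raw)
    reasons = []
    to_pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    from_pairs = getaddresses(msg.get_all("From", []))
    if any(name.strip().lower() in BAD_TO_NAMES for name, _ in to_pairs):
        reasons.append("to-name")
    if any(name.strip().lower() in BAD_FROM_NAMES for name, _ in from_pairs):
        reasons.append("from-name")
    # Collapse whitespace so folded or padded subjects still match.
    subject = " ".join((msg.get("Subject") or "").lower().split())
    if subject.startswith(BAD_SUBJECT_PREFIXES):
        reasons.append("subject")
    # The "not to my address exactly" rule from the second post.
    if MY_ADDRESS not in {addr.lower() for _, addr in to_pairs}:
        reasons.append("not-addressed-to-me")
    return reasons

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "worm_like": ('From: "Technical Support" <x@example.net>\n'
                  'To: "Email Recipient" <me@example.org>\n'
                  "Subject: Security Update for this month\n\nbody\n"),
    "not_to_me": ("From: Someone <a@example.com>\n"
                  "To: undisclosed <list@example.com>\n"
                  "Subject: hello\n\nbody\n"),
    "legit": ("From: Alice <alice@example.com>\n"
              "To: me@example.org\n"
              "Subject: Lunch on Friday?\n\nbody\n"),
}

def triage(samples):
    """Map each sample name to the list of rules it tripped."""
    return {name: reasons_to_drop(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, why in triage(SAMPLES).items():
        print(name, "->", "DROP " + ",".join(why) if why else "keep")
```

The exact-address rule also catches legitimate mailing-list and Bcc mail, so route matches to a junk folder for review rather than deleting them outright.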
I've been getting about the same amount; only they alternate with
to deliver mail" messages, even though I haven't sent any mail, and the
addresses referred to are not in my address book. Even those messages
have the virus according to Norton. I don't use Outhouse Excess, by the
I use Forte Agent. In the User Profile, you type in what you want the
world to see.....that's what they will see.
For log on/authentication, you must use your REAL info for your ISP to
verify when logging in (Earthlink DOES require it....) but the public
never sees that.