weird spam flood

[heron stone]

Starting Thursday morning thru the day and into the night,
I received more than 300 emails with .exe attachments totaling
more than 80 MB... phony MS security updates.

I've received these occasionally before, but never anything
near this amount.

I called my ISP (Comcast) and they said that there was no
unusual activity and that they had received no other calls
about this problem. I figured they were lying weasels and
gave up.

I called a neighbor who also has Comcast and she said that
she hadn't suffered any surge in spam.

What's going on here?
Are they just targeting me?
Is it time to get paranoid?

heron

--
Nature, heron stone
to be commanded, [email]heonstone@comcast.net[/email]
must be obeyed. mywebpages.comcast.net/heronstone

[Alice Faber]

In article
<heronstone-D06DEB.17175519092003@news.comcast.giganews.com>,
heron stone <heronstone@comcast.net> wrote:

> Starting Thursday morning thru the day and into the night,
> I received more than 300 emails with .exe attachments totaling
> more than 80 MB... phony MS security updates.
>
> I've received these occasionally before, but never anything
> near this amount.
>
> I called my ISP (Comcast) and they said that there was no
> unusual activity and that they had received no other calls
> about this problem. I figured they were lying weasels and
> gave up.

This seems to be limited to people who post to usenet with open
addresses. I've probably had 2000 of them and I have friends who are up
in the 3000 range. So it's definitely not just you.

--
AF
"Non Sequitur U has a really, really lousy debate team."
--artyw raises the bar on rec.sport.baseball

[Matt Broughton]

In article
<heronstone-D06DEB.17175519092003@news.comcast.giganews.com>,
heron stone <heronstone@comcast.net> wrote:

> Starting Thursday morning thru the day and into the night,
> I received more than 300 emails with .exe attachments totaling
> more than 80 MB... phony MS security updates.
>
> I've received these occasionally before, but never anything
> near this amount.
>
> I called my ISP (Comcast) and they said that there was no
> unusual activity and that they had received no other calls
> about this problem. I figured they were lying weasels and
> gave up.
>
> I called a neighbor who also has Comcast and she said that
> she hadn't suffered any surge in spam.
>
> What's going on here?
> Are they just targeting me?
> Is it time to get paranoid?
>
> heron

I'm getting a whole lot of them from my macosx.com mail address
supported by digitalcrows.com. My *first* connection this morning
brought in over 500 messages. There have been at least another 500
since then.

There must be some worm or virus on certain mail servers.
digitalcrowd.com has recently started using spam and virus filters. The
vast majority of the e-mails are being flagged as "W32/Swen.A@mm" virus.

--
Matt Broughton
Only relatives are absolute.

[Bev A. Kupf]

On Fri, 19 Sep 2003 19:36:12 -0500,
Matt Broughton (walterwego@macosx.com) wrote:

> There must be some worm or virus on certain mail servers.
> digitalcrowd.com has recently started using spam and virus filters. The
> vast majority of the e-mails are being flagged as "W32/Swen.A@mm" virus.

I've had about two hundred of these today at work. And they're all
the Swen virus.

Bev
--
Bev A. Kupf
"The lyfe so short, the craft so long to lerne" -- Chaucer

[heron stone]

thanks everyone

i feel better knowing it's not just me

--
Nature, heron stone
to be commanded, [email]heonstone@comcast.net[/email]
must be obeyed. mywebpages.comcast.net/heronstone

[B Collins]

heron stone wrote:

>
> Starting Thursday morning thru the day and into the night,
> I received more than 300 emails with .exe attachments totaling
> more than 80 MB... phony MS security updates.
>
> I've received these occasionally before, but never anything
> near this amount.
>
> I called my ISP (Comcast) and they said that there was no
> unusual activity and that they had received no other calls
> about this problem. I figured they were lying weasels and
> gave up.
>
> I called a neighbor who also has Comcast and she said that
> she hadn't suffered any surge in spam.
>
> What's going on here?
> Are they just targeting me?
> Is it time to get paranoid?
>
> heron
>
> --
> Nature, heron stone
> to be commanded, [email]heonstone@comcast.net[/email]
> must be obeyed. mywebpages.comcast.net/heronstone
>

I have a similar experience, on Earthlink. I've been in touch with them
about it, but I'm not sure what if anything they will do to try to get
it under control. The volume is such that it fills my 10 MB mailbox
space on the Earthlink server in a matter of a few hours, so i have to
go in every couple of hours to clean it out so that there will be room
for legitimate emails. This is really a denial of service problem of
major proportions.

Bill

[Tom Harrington]

In article
<heronstone-C34AD7.19083819092003@news.comcast.giganews.com>,
heron stone <heronstone@comcast.net> wrote:

> thanks everyone
>
> i feel better knowing it's not just me

Misery loves company. :-)

--
Tom "Tom" Harrington
Macaroni, Automated System Maintenance for Mac OS X.
Version 1.4: Best cleanup yet, gets files other tools miss.
See [url]http://www.atomicbird.com/[/url]

[Tom Harrington]

In article <afaber-D09271.20351019092003@reader2.panix.com>,
Alice Faber <afaber@panix.com> wrote:

> In article
> <heronstone-D06DEB.17175519092003@news.comcast.giganews.com>,
> heron stone <heronstone@comcast.net> wrote:
>

> > Starting Thursday morning thru the day and into the night,
> > I received more than 300 emails with .exe attachments totaling
> > more than 80 MB... phony MS security updates.
> >
> > I've received these occasionally before, but never anything
> > near this amount.
> >
> > I called my ISP (Comcast) and they said that there was no
> > unusual activity and that they had received no other calls
> > about this problem. I figured they were lying weasels and
> > gave up.

>
> This seems to be limited to people who post to usenet with open
> addresses. I've probably had 2000 of them and I have friends who are up
> in the 3000 range. So it's definitely not just you.

I'm getting them, and I don't post to usenet with an un-munged address.
They're not going to the address used here anyway, even when it's fixed.

--
Tom "Tom" Harrington
Macaroni, Automated System Maintenance for Mac OS X.
Version 1.4: Best cleanup yet, gets files other tools miss.
See [url]http://www.atomicbird.com/[/url]

[Joe Heimann]

Bev A. Kupf <bevakupf@myhome.net> wrote:

> On Fri, 19 Sep 2003 19:36:12 -0500,
> Matt Broughton (walterwego@macosx.com) wrote:

>> There must be some worm or virus on certain mail servers.
>> digitalcrowd.com has recently started using spam and virus filters. The
>> vast majority of the e-mails are being flagged as "W32/Swen.A@mm" virus.

>
> I've had about two hundred of these today at work. And they're all
> the Swen virus.

Over 1500 of them myself. I have been seeing a mix, of the ones I have
seen identified Swen and Gife-B are what I can recall.

Joe Heimann

[Marc Heusser]

In article
<heronstone-D06DEB.17175519092003@news.comcast.giganews.com>,
heron stone <heronstone@comcast.net> wrote:

> Starting Thursday morning thru the day and into the night,
> I received more than 300 emails with .exe attachments totaling
> more than 80 MB... phony MS security updates.

....

> What's going on here?
> Are they just targeting me?
> Is it time to get paranoid?
>
> heron

Check [url]www.cert.org[/url] in these cases.
If necessary tell your ISP to get help there - anytime.

Maybe the following one?
[url]http://www.cert.org/current/current_activity.html#swena[/url]

HTH

Marc

--
Marc Heusser - Zurich, Switzerland
Coaching - Consulting - Counselling - Psychotherapy
[url]http://www.heusser.com[/url]
remove the obvious CHEERS and MERCIAL... from the reply address
to reply via e-mail

[Richard Paquette]

the same here, the last 4 days i have received more than 200

Paparicky

In article
<heronstone-D06DEB.17175519092003@news.comcast.giganews.com>, heron
stone <heronstone@comcast.net> wrote:

> Starting Thursday morning thru the day and into the night,
> I received more than 300 emails with .exe attachments totaling
> more than 80 MB... phony MS security updates.
>
> I've received these occasionally before, but never anything
> near this amount.
>
> I called my ISP (Comcast) and they said that there was no
> unusual activity and that they had received no other calls
> about this problem. I figured they were lying weasels and
> gave up.
>
> I called a neighbor who also has Comcast and she said that
> she hadn't suffered any surge in spam.
>
> What's going on here?
> Are they just targeting me?
> Is it time to get paranoid?
>
> heron

[fishfry]

In article
<heronstone-D06DEB.17175519092003@news.comcast.giganews.com>,
heron stone <heronstone@comcast.net> wrote:

> Starting Thursday morning thru the day and into the night,
> I received more than 300 emails with .exe attachments totaling
> more than 80 MB... phony MS security updates.
>
> I've received these occasionally before, but never anything
> near this amount.
>
> I called my ISP (Comcast) and they said that there was no
> unusual activity and that they had received no other calls
> about this problem. I figured they were lying weasels and
> gave up.
>
> I called a neighbor who also has Comcast and she said that
> she hadn't suffered any surge in spam.
>
> What's going on here?
> Are they just targeting me?
> Is it time to get paranoid?

For what it's worth I'm getting about 1500 of these every 12 hours or
so. It's really bad. It's on my fishfry email account, which I use on
Usenet and a couple of other message boards.

I'm getting a trickle of these messages on my other email accounts, but
only a few a day.

[Stan The Man]

In article <3F6BBAAA.4AE07016@earthlink.net>, B Collins
<bbcollins@earthlink.net> wrote:

>The volume is such that it fills my 10 MB mailbox
>space on the Earthlink server in a matter of a few hours

I'm inclined to believe that the current spate is a protest from a
smallgroup of spammers who are sticking a finger up to the imminent new
anti-spam government legislation in Europe, the UN and elsewhere.

Unless your ISP can head it off at the pass, your best bet would be to
use a utility like PopMonitor ([url]http://www.vechtwijk.nl/dev/index.html[/url])
which allows you to apply filters to only the first few lines of a
message before you download the whole mass from the server. In this way
you can delete most or all of your unwanted spam from the server before
downloading in toto.


Stan

[Dale J. Stephenson]

Michelle Steiner <michelle@michelle.org> writes:

> In article <3f6bca20@news-1.oit.umass.edu>,
> "Joe Heimann" <heimann@ecs.umass.edu> wrote:
>

> > Over 1500 of them myself. I have been seeing a mix, of the ones I
> > have seen identified Swen and Gife-B are what I can recall.

>
> Norton anti-virus hasn't identified even one of them, but mail.app
> marked some 98% of them as spam. My spam filter is now set to delete
> the mail without putting them in the junk mail folder.
>

I got about 1000 of them, and mail.app marked maybe 20% as spam. (Not
all of them were viruses, there were also a ton of helpful "foo tried
to send you a virus" messages as well.) I just got another, looking
effectively identical to 100 I marked as spam yesterday, and it wasn't
marked spam. Shouldn't mail.app have got the hint? Anything I can do
to nudge it?
--
Dale J. Stephenson
[email]dalestephenson@mac.com[/email]
3/27/87 -- Ed Hearn for David Cone. 12/20/02 -- Millwood for Estrada
Schuerholz has finally topped himself.

[Mike Rosenberg]

heron stone <heronstone@comcast.net> wrote:

> I called my ISP (Comcast) and they said that there was no
> unusual activity and that they had received no other calls
> about this problem. I figured they were lying weasels and
> gave up.

You've already heard that it's not just you, and not just a Comcast
issue, but I want to mention that, as far as I can tell, Comcast people
are trained to tell you, without considering any information you
provide, that every problem you report has nothing to do with them or
their equipment. I know of one case where the cable modem was dead, as
in no function whatsoever, no lights on at all, and they Comcast "tech"
still told the customer there was something wrong with her computer.

--
Mike Rosenberg

<http://www.macconsult.com> Macintosh consulting services for NE Florida
<http://bogart-tribute.net> Tribute to Humphrey Bogart

[Tom Harrington]

In article <michelle-BD5739.20422019092003@news.west.cox.net>,
Michelle Steiner <michelle@michelle.org> wrote:

> In article <3f6bca20@news-1.oit.umass.edu>,
> "Joe Heimann" <heimann@ecs.umass.edu> wrote:
>

> > Over 1500 of them myself. I have been seeing a mix, of the ones I
> > have seen identified Swen and Gife-B are what I can recall.

>
> Norton anti-virus hasn't identified even one of them, but mail.app
> marked some 98% of them as spam. My spam filter is now set to delete
> the mail without putting them in the junk mail folder.

Did you just click the "junk" button until Mail.app figured it out, or
did you add some additional rule(s) to cover it?

--
Tom "Tom" Harrington
Macaroni, Automated System Maintenance for Mac OS X.
Version 1.4: Best cleanup yet, gets files other tools miss.
See [url]http://www.atomicbird.com/[/url]

[Devi Jankowicz]

On Sat, 20 Sep 2003 4:42:20 +0100, Michelle Steiner wrote
(in message <michelle-BD5739.20422019092003@news.west.cox.net>):

> In article <3f6bca20@news-1.oit.umass.edu>,
> "Joe Heimann" <heimann@ecs.umass.edu> wrote:
>

>> Over 1500 of them myself. I have been seeing a mix, of the ones I
>> have seen identified Swen and Gife-B are what I can recall.

>
> Norton anti-virus hasn't identified even one of them, but mail.app
> marked some 98% of them as spam. My spam filter is now set to delete
> the mail without putting them in the junk mail folder.

Norton is actually the bloody problem.
Gather round old granny's knees, little ones, and I'll tell you a story.

I bought a copy of Norton Utilities for Mac system X. Naively, I tried to
register it but couldn't find an appropriate page on the Symantec site. Next
thing I knew was that I was getting around 60 spams a day (of the vulgar
'increase the size of your todger and live happily ever after' variety).

Why? Because Symantec have a policy of immediately passing your name to
'carefully chosen organisations' (now there's a cynical notion for a start)
and of making it very difficult for you to find the page with the opt-out
check-boxes- which they then appear to ignore anyway.

The present spams we're discussing are due to the worm called SWEN/GIBE,
which tries to get you to open a .exe attachment supposedly from Microsoft.
It favours IRC sites as well as e-mail based Mailing lists; it switches off
your anti-virus software, installs the usual files to ensure it's run every
time you power up, and of course, it spreads to everyone in your address
book. It originated in Slovakia on 14th September and was well ensconced in
the various mailing lists to which (thank you, Symantec!) I was subscribed
without my permission.

Why should I worry, as a Macintosh user? The .exe extension is meaningless to
a Mac and the virus isn't activated. I'll tell you why: because each spam
comes with one to four attachments, each of which takes a good 20 seconds to
dopwnload. When you have 200 such spammed documents, it simply clogs up one's
download time impossibly.

I have now got rid of the wretched thing for good, by changing my e-mail
address and asking my ISP to dump the old account.

And Symantec? The firm that sells holier-than-thou anti-spam software?

I have written to then telling them that I will never buy another of their
products as long as I live.

Kind regards,
Devi Jankowicz

[Phil Stripling]

Tom Harrington <tph@pcisys.no.spam.dammit.net> writes:

> I'm getting them, and I don't post to usenet with an un-munged address.
> They're not going to the address used here anyway, even when it's fixed.

There's another discussion about this (of course) going on in a local
newsgroup I read, and there's no apparent connection between who is getting
them and how.

I have three email addresses that are 'real.' One I never use, one I use
for specific clients, and one is my 'public' email address -- I give it out
to people and use it for email lists that I'm a member of. I have a spam
trap address that I use for Yahoo groups that I've joined. And I have the
spam trap address that I use when posting (as here). Only this spam trap
address is getting any of these bogus MS emails. One of the posters in the
other group has suggested that this is because spammers that harvest Usenet
are infected. But he says he's getting the MS stuff from his email list
addresses and not from Usenet (he munges). Curious. (Or maybe I should say,
Weird.)
--
Philip Stripling | email to the replyto address is presumed
Legal Assistance on the Web | spam and read later. email to philip@
[url]http://www.PhilipStripling.com/[/url] | my domain is read daily.

[Joe Davison]

On Fri, 19 Sep 2003, heron stone wrote:

> I called my ISP (Comcast) and they said that there was no
> unusual activity and that they had received no other calls
> about this problem. I figured they were lying weasels and
> gave up.
>

They are aware of the problem now -- the Service Centert page has a
Virus/Security Update on it.

joe

[Lou Lesko]

Stan The Man <macho@mac.com> writes:

> In article <3F6BBAAA.4AE07016@earthlink.net>, B Collins
> <bbcollins@earthlink.net> wrote:
>
> Unless your ISP can head it off at the pass, your best bet would be to
> use a utility like PopMonitor ([url]http://www.vechtwijk.nl/dev/index.html[/url])
> which allows you to apply filters to only the first few lines of a
> message before you download the whole mass from the server. In this way

If your into spending a few bucks, I would highly, highly recomend
Mailsmith from Barebones Software. It has a product called Spam Sieve
integrated with it that works very well for spotting spam - and it also has
the most fabulous POP Monitor - like the one mentioned above, alredy built
in. This product is brilliant.

lou