SWEN Worm help

SWEN Worm help

Post by hal boyle » Thu, 25 Sep 2003 00:15:30



someone has me in their address book....and has the SWEN worm.  I have
redirected all email with the specific subject to my deleted folder but I am
being bombed with emails.  at least 600 a day.  anyway to find out who is
infected or how to STOP some of this.
 
 
 

SWEN Worm help

Post by Martin Blackstone [MVP - Exchange » Thu, 25 Sep 2003 00:52:11


My suggestion would be to put some kind of Exchange antivirus in place and
just dump em as they come in.

--
Martin Blackstone
MVP - Exchange

http://www.swinc.com/resource/exchange.htm

http://www.swinc.com/resource/e2kfaq_appxc.htm

Quote:> someone has me in their address book....and has the SWEN worm.  I have
> redirected all email with the specific subject to my deleted folder but I
am
> being bombed with emails.  at least 600 a day.  anyway to find out who is
> infected or how to STOP some of this.


 
 
 

SWEN Worm help

Post by Ron » Thu, 25 Sep 2003 02:11:47


I got the same problem with Sobig virus. Hundreds of incoming mail coming
from the same source. Mail header tells me which IP address it is coming
from. It is sent from Covad network. I sent a complaint mail to Covad. Two
days later, I stopped getting Sobig mail.


Quote:> someone has me in their address book....and has the SWEN worm.  I have
> redirected all email with the specific subject to my deleted folder but I
am
> being bombed with emails.  at least 600 a day.  anyway to find out who is
> infected or how to STOP some of this.

 
 
 

SWEN Worm help

Post by Ken Lync » Thu, 25 Sep 2003 05:32:32


The virus spoofs the IP address of the sender, so you may not have been
getting the emails from that source.  It may have been a coincidence that
they stopped.  The infected party may have applied a patch and cleaned the
virus from their system.


> I got the same problem with Sobig virus. Hundreds of incoming mail coming
> from the same source. Mail header tells me which IP address it is coming
> from. It is sent from Covad network. I sent a complaint mail to Covad. Two
> days later, I stopped getting Sobig mail.



> > someone has me in their address book....and has the SWEN worm.  I have
> > redirected all email with the specific subject to my deleted folder but
I
> am
> > being bombed with emails.  at least 600 a day.  anyway to find out who
is
> > infected or how to STOP some of this.

 
 
 

SWEN Worm help

Post by Ron » Thu, 25 Sep 2003 05:47:07


You sure? What I know is that Sobig spoofs email addresses, not the IP
address of the sender's SMTP server.


> The virus spoofs the IP address of the sender, so you may not have been
> getting the emails from that source.  It may have been a coincidence that
> they stopped.  The infected party may have applied a patch and cleaned the
> virus from their system.



> > I got the same problem with Sobig virus. Hundreds of incoming mail
coming
> > from the same source. Mail header tells me which IP address it is coming
> > from. It is sent from Covad network. I sent a complaint mail to Covad.
Two
> > days later, I stopped getting Sobig mail.

 
 
 

SWEN Worm help

Post by Jim Bronso » Thu, 25 Sep 2003 06:45:15



Quote:> You sure? What I know is that Sobig spoofs email addresses, not the IP
> address of the sender's SMTP server.

agreed, it is impossible to forge the header that my mail gateway generates.

regards,
Jim

 
 
 

SWEN Worm help

Post by Melvin, To » Thu, 25 Sep 2003 21:05:35


IF they ever find this guy/gal, I hope they allow everyone that was infected
by the virus to beat him/her with a bat until they die...




> > You sure? What I know is that Sobig spoofs email addresses, not the IP
> > address of the sender's SMTP server.

> agreed, it is impossible to forge the header that my mail gateway
generates.

> regards,
> Jim