Email worm sent to "group members"

Chuck Anderson <[email protected]> writes:

> I can see by looking at the To: list that many in the rec.bicycles.rides group (and others) were
> sent this email.
>
> Subject: Posta Sicura Elitel: notifica antivirus From: [email protected] (att. - Latest
> Critical Patch.eml)
>
> This is a classic email worm that has invaded someone's address book and sent itself to everyone
> in it. Looking at the list I see many contributors from here. And the email addresses have to be
> from someone's address book (using an email address that I never use in public).
>
> Do not open this attachment. Microsoft never emails patches to users. It is a worm/virus/trojan.
>
> I wonder who's got "the bug."

Thousands of people, mostly people running Microsoft news/mail readers that automatically upen
attachments and thus launch the bug into their system.

This is, from the sounds of it, the SWEN (news spelled backwards) bug. It's been around for months-
are you just getting it for the first time? I've gotten at least 15,000 of these rascals e-mailed to
me over the past couple of months. It raids news spools for e=mail addresses. Someone like me who
posts actively in a wide variety of newsgroups gets hit hard.

Chuck, I have been getting that patch since September. The first day Norton didn't even catch it,
but I knew not to open it. I was getting about 40 copies a day and it really ****** me off because
each attachment was about 100 kb and I was leaving in a few days for my cycling trip in Germany. I
was concerned it would overload my quota at my ISP because I would not be able to retreive e-mail
every day. Fortunately the volume reduced and I was generally able to get to an internet cafe about
every other day. However there was one stretch where it was 4 days and I did lose some e-mail.

There were many addresses that it was coming from and I did not recognize any of them. I still get 3
or 4 copies a day.

Ken Chuck Anderson <[email protected]> wrote:

>I can see by looking at the To: list that many in the rec.bicycles.rides group (and others) were
>sent this email.
>
>Subject: Posta Sicura Elitel: notifica antivirus From: [email protected] (att. - Latest
>Critical Patch.eml)
>
>This is a classic email worm that has invaded someone's address book and sent itself to everyone in
>it. Looking at the list I see many contributors from here. And the email addresses have to be from
>someone's address book (using an email address that I never use in public).
>
>Do not open this attachment. Microsoft never emails patches to users. It is a worm/virus/trojan.
>
>I wonder who's got "the bug."

Ken Brown, Toronto Canada Ontario Rail Trails: http://webhome.idirect.com/~brown delete "nospam" if
replying via e-mail

Tim McNamara wrote:

>Chuck Anderson <[email protected]> writes:
>
>
>
>>I can see by looking at the To: list that many in the rec.bicycles.rides group (and others) were
>>sent this email.
>>
>>Subject: Posta Sicura Elitel: notifica antivirus From: [email protected] (att. - Latest
>>Critical Patch.eml)
>>
>>This is a classic email worm that has invaded someone's address book and sent itself to everyone
>>in it. Looking at the list I see many contributors from here. And the email addresses have to be
>>from someone's address book (using an email address that I never use in public).
>>
>>Do not open this attachment. Microsoft never emails patches to users. It is a worm/virus/trojan.
>>
>>I wonder who's got "the bug."
>>
>>
>
>Thousands of people, mostly people running Microsoft news/mail readers that automatically upen
>attachments and thus launch the bug into their system.
>
>This is, from the sounds of it, the SWEN (news spelled backwards) bug. It's been around for months-
>are you just getting it for the first time? I've gotten at least 15,000 of these rascals e-mailed
>to me over the past couple of months. It raids news spools for e=mail addresses. Someone like me
>who posts actively in a wide variety of newsgroups gets hit hard.
>
>
At Microsoft. Security is job one. (You don't even want to see their "number 2.")

I think it's an email virus because it uses an email address that I never post. That had to come
from someone's address book.

I get lots of spam I throw out without even downloading (using Mailwasher), and some of that is
surely worms and trojan stuff. I don't hardly bother to look anymore. But this is the first one I've
gotten with so many names I recognize from Internet bicycling contacts.

--
*****************************
Chuck Anderson • Boulder, CO http://www.CycleTourist.com Integrity is obvious. The lack of it
is common.
*****************************

The barrage of "Microsoft" e-mails in my "NYRides" inbox has finally settled down a bit. I was
getting 75 to 80 twice a day/every day for a while.

"Tim McNamara" <[email protected]> wrote in message news:[email protected]...
> Chuck Anderson <[email protected]> writes:
>
> > I can see by looking at the To: list that many in the rec.bicycles.rides group (and others) were
> > sent this email.
> >
> > Subject: Posta Sicura Elitel: notifica antivirus From: [email protected] (att. - Latest
> > Critical Patch.eml)
> >
> > This is a classic email worm that has invaded someone's address book and sent itself to everyone
> > in it. Looking at the list I see many contributors from here. And the email addresses have to be
> > from someone's address book (using an email address that I never use in public).
> >
> > Do not open this attachment. Microsoft never emails patches to users. It is a worm/virus/trojan.
> >
> > I wonder who's got "the bug."
>
> Thousands of people, mostly people running Microsoft news/mail readers that automatically upen
> attachments and thus launch the bug into their system.
>
> This is, from the sounds of it, the SWEN (news spelled backwards) bug. It's been around for
> months- are you just getting it for the first time? I've gotten at least 15,000 of these rascals
> e-mailed to me over the past couple of months. It raids news spools for e=mail addresses. Someone
> like me who posts actively in a wide variety of newsgroups gets hit hard.

same story minus the trip to germany. I started with as many as 40 a day in September, but now it's
down to 4 or 5 a day. still with an old dialup connection is a real pain.

Ken Brown wrote:

>Chuck, I have been getting that patch since September. The first day Norton didn't even catch it,
>but I knew not to open it. I was getting about 40 copies a day and it really ****** me off because
>each attachment was about 100 kb and I was leaving in a few days for my cycling trip in Germany. I
>was concerned it would overload my quota at my ISP because I would not be able to retreive e-mail
>every day. Fortunately the volume reduced and I was generally able to get to an internet cafe about
>every other day. However there was one stretch where it was 4 days and I did lose some e-mail.
>
>There were many addresses that it was coming from and I did not recognize any of them. I still get
>3 or 4 copies a day.
>
>Ken Chuck Anderson <[email protected]> wrote:
>
>
>
>>I can see by looking at the To: list that many in the rec.bicycles.rides group (and others) were
>>sent this email.
>>
>>Subject: Posta Sicura Elitel: notifica antivirus From: [email protected] (att. - Latest
>>Critical Patch.eml)
>>
>>This is a classic email worm that has invaded someone's address book and sent itself to everyone
>>in it. Looking at the list I see many contributors from here. And the email addresses have to be
>>from someone's address book (using an email address that I never use in public).
>>
>>Do not open this attachment. Microsoft never emails patches to users. It is a worm/virus/trojan.
>>
>>I wonder who's got "the bug."
>>
>>
>
>Ken Brown, Toronto Canada Ontario Rail Trails: http://webhome.idirect.com/~brown delete "nospam" if
>replying via e-mail

NYRides wrote:

> "Tim McNamara" <[email protected]> wrote in message

>
>
>>Chuck Anderson <[email protected]> writes:
>>
>>
>>
>>>I can see by looking at the To: list that many in the rec.bicycles.rides group (and others) were
>>>sent this email.
>>>
>>>Subject: Posta Sicura Elitel: notifica antivirus From: [email protected] (att. - Latest
>>>Critical Patch.eml)
>>>
>>>This is a classic email worm that has invaded someone's address book and sent itself to everyone
>>>in it. Looking at the list I see many contributors from here. And the email addresses have to be
>>>from someone's address book (using an email address that I never use in public).
>>>
>>>Do not open this attachment. Microsoft never emails patches to users. It is a worm/virus/trojan.
>>>
>>>I wonder who's got "the bug."
>>>
>>>
>>Thousands of people, mostly people running Microsoft news/mail readers that automatically upen
>>attachments and thus launch the bug into their system.
>>
>>This is, from the sounds of it, the SWEN (news spelled backwards) bug. It's been around for
>>months- are you just getting it for the first time? I've gotten at least 15,000 of these rascals
>>e-mailed to me over the past couple of months. It raids news spools for e=mail addresses. Someone
>>like me who posts actively in a wide variety of newsgroups gets hit hard.
>>
>>

>The barrage of "Microsoft" e-mails in my "NYRides" inbox has finally settled down a bit. I was
>getting 75 to 80 twice a day/every day for a while.
>
>

Knock on wood.

I've never gotten anywhere near that volume. In fact, if I did, I would immediately change my email
address and notify everyone who needs to know. I've got several email usernames at this time and a
few of them are pure throw aways. I only use them for registration at sites that I don't really care
about and mail lists that I could always resubscribe to (if I care to). I think the key is to NOT
get too attached to any one email address. All email addresses will become spambot fodder some day*.

(* Unless you are very diligent about using it only in private messages. Even then, you could be
harvested if someone sticks your address in a long To: list when forwarding a "real important
message" that they MUST share with ALL of their friends.)

75 - 80 a day? I'd get a new email address and start over.

--
*****************************
Chuck Anderson • Boulder, CO http://www.CycleTourist.com Integrity is obvious. The lack of it
is common.
*****************************

"Chuck Anderson" <[email protected]> wrote in message
news:Ta7yb.254292$9E1.1359274@attbi_s52...

> At Microsoft. Security is job one. (You don't even want to see their "number 2.")

Microsoft security looks like "number 2" to me...

Matt O.

>>...I've never gotten anywhere near that volume. In fact, if I did, I would
immediately change my email address and notify everyone who needs to know....<<<<

I don't know how it happened, but I changed my address from "NYRides" to "NewYorkRides" and the bug
mail kept coming, without missing a beat. I figured I might as well just change it back to the
address all my contacts know. When I did, the mails resumed right away. I received 7 already today.

"Chuck Anderson" <[email protected]> wrote in message
news:AFryb.265041$275.949308@attbi_s53...
> NYRides wrote:
>
> > "Tim McNamara" <[email protected]> wrote in message
>
> >
> >
> >>Chuck Anderson <[email protected]> writes:
> >>
> >>
> >>
> >>>I can see by looking at the To: list that many in the rec.bicycles.rides group (and others)
> >>>were sent this email.
> >>>
> >>>Subject: Posta Sicura Elitel: notifica antivirus From: [email protected] (att. - Latest
> >>>Critical Patch.eml)
> >>>
> >>>This is a classic email worm that has invaded someone's address book and sent itself to
> >>>everyone in it. Looking at the list I see many contributors from here. And the email addresses
> >>>have to be from someone's address book (using an email address that I never use in public).
> >>>
> >>>Do not open this attachment. Microsoft never emails patches to users. It is a
> >>>worm/virus/trojan.
> >>>
> >>>I wonder who's got "the bug."
> >>>
> >>>
> >>Thousands of people, mostly people running Microsoft news/mail readers that automatically upen
> >>attachments and thus launch the bug into their system.
> >>
> >>This is, from the sounds of it, the SWEN (news spelled backwards) bug. It's been around for
> >>months- are you just getting it for the first time? I've gotten at least 15,000 of these rascals
> >>e-mailed to me over the past couple of months. It raids news spools for e=mail addresses.
> >>Someone like me who posts actively in a wide variety of newsgroups gets hit hard.
> >>
> >>
>
> >The barrage of "Microsoft" e-mails in my "NYRides" inbox has finally
settled
> >down a bit. I was getting 75 to 80 twice a day/every day for a while.
> >
> >
>
> Knock on wood.
>
> I've never gotten anywhere near that volume. In fact, if I did, I would immediately change my
> email address and notify everyone who needs to know. I've got several email usernames at this time
> and a few of them are pure throw aways. I only use them for registration at sites that I don't
> really care about and mail lists that I could always resubscribe to (if I care to). I think the
> key is to NOT get too attached to any one email address. All email addresses will become spambot
> fodder some day*.
>
> (* Unless you are very diligent about using it only in private messages. Even then, you could be
> harvested if someone sticks your address in a long To: list when forwarding a "real important
> message" that they MUST share with ALL of their friends.)
>
> 75 - 80 a day? I'd get a new email address and start over.
>
> --
> *****************************
> Chuck Anderson • Boulder, CO http://www.CycleTourist.com Integrity is obvious. The lack of it is
> common.
> *****************************

> 75 - 80 a day? I'd get a new email address and start over.

At its peak, I was getting at least that *an hour*. The curse of being a net.personality. Now it's
down to about a couple dozen daily.

--
Warm Regards,

Claire Petersky Please replace earthlink for mouse-potato and .net for .com

Home of the meditative cyclist: http://home.earthlink.net/~cpetersky/Welcome.htm

Books just wanna be FREE! See what I mean at: http://bookcrossing.com/friend/Cpetersky

"Claire Petersky" <[email protected]> wrote in message
news:UOQyb.275031$9E1.1429547@attbi_s52...

> > 75 - 80 a day? I'd get a new email address and start over.

> At its peak, I was getting at least that *an hour*. The curse of being a net.personality. Now it's
> down to about a couple dozen daily.

How'd you get it to go down? mouse-potato?

I get about that much all the time, more when the worm was out. POPFile handles it
perfectly, though.

http://popfile.sourceforge.net/

IMAP support is coming, and then I'll be rockin'.

Matt O.

"Matt O'Toole" <[email protected]> wrote in message news:[email protected]...
>
> "Claire Petersky" <[email protected]> wrote in message
> news:UOQyb.275031$9E1.1429547@attbi_s52...
>
> > > 75 - 80 a day? I'd get a new email address and start over.
>
> > At its peak, I was getting at least that *an hour*. The curse of being a net.personality. Now
> > it's down to about a couple dozen daily.
>
> How'd you get it to go down? mouse-potato?

For all I know, yahoo started filtering them out. Who knows?

--
Warm Regards,

Claire Petersky Please replace earthlink for mouse-potato and .net for .com

Home of the meditative cyclist: http://home.earthlink.net/~cpetersky/Welcome.htm

Books just wanna be FREE! See what I mean at: http://bookcrossing.com/friend/Cpetersky

Claire Petersky <[email protected]> wrote:
: For all I know, yahoo started filtering them out. Who knows?

nahh, it's just dying down. i've changed nothing and i only get about 10 a day or so (down from 75
an hour). the lame-os using OE are just starting to patch or catch on.

no problem, just wait around for the next one. i wouldn't mind so much if all these Outlook Express
problems didn't affect everyone else.
--
david reuteler [email protected]