WARNING virusmails in newsgroups

How the virus does it I don't know but it manages to post messages to Usenet. The messages I have seen are HTML pages that appear to come from Microsoft. They have an attachment. Do not open that attachment! If possible do not open that mail.

If you are using MSOutlook Express be sure you have set you security settings right. Be sure you have the latest updates on your machine and use a virusscanner.

formatting link
is good and is free.Use a firewall
formatting link
free and good.

Microsoft never sends patches or updates by e-mail and Usenet!

Now I need an excuse to make this on-topic again. What about the C6?

Reply to
2Rowdy
Loading thread data ...

snip

The more people realise this, the better!

If such messages are appearing in usenet, then I'd guess that someone is doing it on purpose, perhaps out of a misguided attempt at being helpful, or perhaps with malice. As the attachments are 'binaries', text-only news-servers will block them - but they might get through in binary groups.

I use a PDA running Windows CE in my car, sometimes, so it's not entirely off topic ;)) (At home, my desktop runs Linux).

Yes, what about the C6?

Reply to
Whiskers

Message i.d.: news: snipped-for-privacy@ID-107770.user.dfncis.de, by author Whiskers aka inspired me,

It must be the server I use but I have seen them in text-only newsgroups :-( According to someone I have heard the virus gets the addresses not only form the addressbook but also from send mails, those include Usenet mails. So I suspect is is not done on purpose, I hope.

:-)

I don't know. Will it even come of is it dreamdust?

Reply to
2Rowdy

snip

snip

Odd things do sometimes propagate in the 'wrong' groups, if they get posted to a server that isn't very discriminating.

Usenet is not e-mail, although some e-mail clients do have the ability to read and post in newsgroups. Newsgroup posting details aren't kept in the 'address book' though, even Outlook Express manages to keep them apart I think.

The 'to' field in an e-mail doesn't exist in something sent to a newsgroup; the message headers for email and usenet are quite different. If there was a virus (or some other 'nasty') designed to send bogus news-group articles, I think we'd be seeing them all over the busy groups. So I still think that if such messages are popping up in just a few places and in small numbers, they are being put there deliberately for some reason.

Reply to
Whiskers

I didn't think I'd seen any. Could it be the 'jumping C5'? They say that kangeroos are very energy-efficient so could Citroen be working on a car that travels kangeroo-fashion to get better fuel economy?

Reply to
Whiskers

Message i.d.: news: snipped-for-privacy@ID-107770.user.dfncis.de, by author Whiskers aka inspired me,

Read and shiver. Swen issa strong beast and it does manage what you think it can't. The reason why we don't see them so often is thanks to the people that cancel these messages.

formatting link

Reply to
2Rowdy

That seems to be in Japanese, which I can't read. But you are right; I've never noticed this with any other 'worm', and it is a worrying development. This is from Symantec:

,----[extract from Symantec Security Response re W32.Swen.A@mm ] | Transmission through newsgroups | The worm will enumerate the registry looking for newsgroup server | addresses, then attempt to contact that newsgroup server. If a newsgroup | server is not configured on the system, the worm will randomly select one | from a predefined list. The worm will download the available groups and | post messages to randomly selected groups. The messages posted to the | newsgroups are generated according to the same routine used for sending | email. `----

Reply to
Whiskers

Message i.d.: news: snipped-for-privacy@ID-107770.user.dfncis.de, by author Whiskers aka inspired me,

I don't know how I did that. It was supposed to be this one. (sorry)

formatting link

[cut]

Yep. Not a nice virus.

Reply to
2Rowdy

Whiskers ( snipped-for-privacy@operamail.com) gurgled happily, sounding much like they were saying :

All the more reason to use a decent NewsServer that just won't allow Binaries through to non-Binary groups, like this one. I haven't seen a single Swen in a newsgroup yet.

Reply to
Adrian

snip

Nor have I.

Reply to
Whiskers

snip

Interesting - that site lists all the news-servers targeted - I use one of them, and haven't been able to connect at all for a few days. It's probably gone off-line, at least to unregistered users, or is effectively being subject to a DoS. That is /very/ annoying.

Reply to
Whiskers

Message i.d.: news: snipped-for-privacy@ID-107770.user.dfncis.de, by author Whiskers aka inspired me,

I use my ISP's server. That one has the virus postings but when I look at the German server there are none.

Reply to
2Rowdy

Vorsprung durch technik, as the car adverts say ;))

Reply to
Whiskers

MotorsForum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.