Full Disclosure mailing list archives

Re: Swen Really Sucks


From: "Brent J. Nordquist" <b-nordquist () bethel edu>
Date: Wed, 24 Sep 2003 12:31:08 -0500 (CDT)

On Wed, 24 Sep 2003, Peter Busser <peter () trusteddebian org> wrote:

> I use several procmail rules to filter out domains (microsoft.com,
> msdn.com, etc.) in From: and From, To: (e.g. microsoft.com) and certain
> words in the subject (e.g. Microsoft). Since the virus depends on
> looking like an authentic message, it can't do too much randomisation of
> the domains and subject lines. Of course the filtering is not perfect,
> but it still reduces the number of virus messages hitting the inbox.

Someone pointed out yesterday that Swen has the header "SUBJECT: " in all
upper-case, as opposed to the usual mixed-case "Subject: ".  I looked at
all the ones I've received, and sure enough, they're all upper-case.  
That might be another telltale you can use if you're taking the procmail
approach.

-- 
Brent J. Nordquist <b-nordquist () bethel edu> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
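
The two heuristics discussed in this message, as an added example that is not part of the original post: a header scan that keeps field names exactly as sent, so the all-upper-case "SUBJECT" spelling can be told apart from "Subject", plus the From-domain check from the quoted text. The function names and both sample messages are constructed for illustration.

```python
import email.utils

WATCHED_DOMAINS = ("microsoft.com", "msdn.com")  # domains named in the quoted message

def raw_headers(raw: bytes):
    """Return (name, value) pairs with field names exactly as sent, stopping at the body."""
    fields = []
    for line in raw.decode("latin-1").splitlines():
        if not line.strip():                     # blank line: end of the header block
            break
        if line[0] in " \t" and fields:          # folded continuation of the previous field
            fields[-1][1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep and name and " " not in name:     # also skips an mbox "From " separator line
            fields.append([name, value.strip()])
    return [(n, v) for n, v in fields]

def swen_indicators(raw: bytes):
    """List which of the thread's heuristics a raw message trips."""
    hits = []
    for name, value in raw_headers(raw):
        if name == "SUBJECT":                    # exact-case match; "Subject" does not count
            hits.append("uppercase-subject-header")
        elif name.lower() == "from":
            domain = email.utils.parseaddr(value)[1].rpartition("@")[2].lower()
            if any(domain == d or domain.endswith("." + d) for d in WATCHED_DOMAINS):
                hits.append("from-domain:" + domain)
    return hits

# Constructed sample messages, not captured traffic.
SUSPECT = (b'From: "Security Bulletin" <update@news.microsoft.com>\r\n'
           b"SUBJECT: Constructed\r\n sample subject\r\n\r\nbody\r\n")
NORMAL = (b"From: Alice <alice@example.org>\r\n"
          b"Subject: notes\r\n\r\nSUBJECT: this line is body text\r\n")

if __name__ == "__main__":
    for label, msg in (("suspect", SUSPECT), ("normal", NORMAL)):
        print(label, swen_indicators(msg))
```

In a procmail recipe the same header-name test needs the `D` flag, because procmail conditions ignore case by default and would otherwise match every ordinary "Subject:" line.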

