Full Disclosure mailing list archives

Re: new virus: (fwd)

From: Daniel Tams <dantams () danieltams dyndns org>
Date: Fri, 19 Sep 2003 20:51:56 +0200 (CEST)

On Fri, 19 Sep 2003, Ron Clark wrote:

---------- Forwarded message ----------
Date: Fri, 19 Sep 2003 18:22:00 +0300
From: Eero Volotinen <security () jlug org>
To: Ron Clark <ron () pi-mail Armstrong EDU>
Subject: Re: [Full-disclosure] new virus:

Yes, it's swan virus.

--
Eero

If you meant swen, this doesn't look like swen. Nothing mentioning
micro$oft


Today I received a copy of both emails and they both came from the same
host within a 15 minute interval. That makes me also believe that they are
connected somehow.

Maybe a computer infected by either worm will propagate using both types?

Return-Path: <info () accessrental com>
Delivered-To: dantams () danieltams dyndns org
Received: (qmail 13136 invoked from network); 19 Sep 2003 18:01:13 -0000
Received: from kellylake96-79.cyberbeach.net (HELO 
mail.personainternet.com) (216.104.96.79)
  by ratbert.danieltams.dyndns.org with SMTP; 19 Sep 2003 18:01:13 -0000
Received: (qmail 5864 invoked from network); 19 Sep 2003 18:00:56 -0000
Received: from unknown (HELO xdzodhgt) ([24.139.19.217])
          (envelope-sender <info () accessrental com>)
          by mail.personainternet.com (qmail-ldap-1.03) with SMTP
          for <cwage () agenteight com>; 19 Sep 2003 18:00:56 -0000
FROM: "Microsoft Security Bulletin" <sftrlxuiylqcma () newsletters msn net>
TO: "Customer" <okyq_cfrnzhu () newsletters msn net>
SUBJECT: New Net Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="knpuhfthdimw"

Return-Path: <info () accessrental com>
Delivered-To: dantams () danieltams dyndns org
Received: (qmail 21824 invoked from network); 19 Sep 2003 18:14:32 -0000
Received: from kellylake96-79.cyberbeach.net (HELO 
mail.personainternet.com) (216.104.96.79)
  by ratbert.danieltams.dyndns.org with SMTP; 19 Sep 2003 18:14:32 -0000
Received: (qmail 12395 invoked from network); 19 Sep 2003 18:14:16 -0000
Received: from unknown (HELO wyxpcpmu) ([24.139.19.217])
          (envelope-sender <info () accessrental com>)
          by mail.personainternet.com (qmail-ldap-1.03) with SMTP
          for <payal-bsd () staticky com>; 19 Sep 2003 18:14:16 -0000
FROM: "" <xmailservice () netmail com>
TO: "Internet Recipient" <user () mailserver net>
SUBJECT: Error Advice
Mime-Version: 1.0
Content-Type: multipart/alternative;
        boundary="dmpkrr"

- Daniel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Automat? Was (Re: new virus: ), (continued)
- - - Re: Automat? Was (Re: new virus: ) disclosure (Sep 19)
    - Re: Automat? Was (Re: new virus: ) B.K. DeLong (Sep 19)
    - Re: Automat? Was (Re: new virus: ) Nick FitzGerald (Sep 20)
  - Re: new virus: (fwd) Exibar (Sep 19)
    - Re: new virus: (fwd) morning_wood (Sep 20)
    - SV: new virus: (fwd) Peter Kruse (Sep 20)
    - RE: new virus: (fwd) Steve Wray (Sep 20)
    - Re: SV: new virus: (fwd) Rocco Stanzione (Sep 20)
    - Re: new virus: (fwd) Paul Schmehl (Sep 20)
  - Re: new virus: (fwd) Christophe Tommasini (Sep 19)
  - Re: new virus: (fwd) Daniel Tams (Sep 19)
    - Re: new virus: (fwd) Kye Lewis (Sep 19)