[Dshield] Swen related 'qmail' question

Jeff Kell jeff-kell at utc.edu
Wed Oct 1 04:50:39 GMT 2003


Guy Barnum wrote:

> Question regarding a flood of fake failed emails since Swen has been
> breeding in the wild:  I have recently been flooded with the fake
> microsoft support swen-attached emails (getting this one under
> control) but now I'm flooded with fake failed emails, some of which
> (%25 or less?) claim to be an undeliverable qmail message.  You can
> tell the messages that don't mention qmail are still from the same
> general source, they all look the same with 3 or 4 lines in the
> subject regarding a failed email message with the same text in the
> email bolded or not bolded in all of them.
> 
> I know this has been reported as one of the emails sent by the swen
> virus strain but ALL of these messages piling up on my system have no
> attachments and are not html emails with any macros or malicious
> code.

Look carefully.  In Netscape at least, you can "view source" and see an 
slightly mal-formed attachment hanging on the end of it

Jeff




More information about the list mailing list