"David Stinson" wrote in message
...
Ed Price wrote:
At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to
100
Swens per day. (The first couple of days, I had over a hundred per day.)

You guys got it easy. I'm still getting several hundred per day.
I have my email program set to download every two minutes- only way to
keep the server from bouncing good emails. Then my filters
dump the garbage. Is this thing just local to radio-related usenet
users?
I'd think if it were global, you'd hear more news stories about it.

I noticed the Swen within a few hours of its start. I knew something must be
up, because my company's IT admin had sent an 8PM notice of his intent to
shut down the corporate email servers in ANTICIPATION of a net attack. (I
gotta find out who he talks to!) As soon as I saw that slick graphic, I knew
this was going to be a big deal.

I watched the various TV newscasts over the next few days. Near total
ignorance. And the few vague mentions seemed to confuse Swen with the
earlier SoBig. As far as I could tell, all the major news outlets were at
least 3 or 4 days behind the curve on the Swen attack. And even now, few
mentions have been given to the one problem that is bugging me, and that's
the simple byte volume that fills your mailbox till it gags.

Anyway, it's only gonna be a short time till the next attack of whatever
hits. And Swen will be down in the noise level, and almost as forgotten as
Melissa.

Ed
WB6WSN

In article YEcdb.2567$La.801@fed1read02, Ed Price wrote:



"--exray--" wrote in message
...
Chuck Harris wrote:
Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a


That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the sender
that it was infected.


If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.


Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.
Another "I'm not sure how it works" is with Mailwasher Pro...it will not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.
Point being that these things can be accomplished although we are at a
early stage of seeing it actually happen.
-Bill


Exactly!! My company subscribes to a service like that; they get daily
updates for their filter software just like they get updates for their AV
file. At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to 100
Swens per day. (The first couple of days, I had over a hundred per day.)
Sure, there's a few variations, but the 106 kB attachment is a real obvious
sign. Evidently, Cox doesn't care, and doesn't filter at all.

I don't leave my machine run 24/7, so the Swen IS a problem for me. Since
Cox only allows a 10 MB mailbox, about 90 Swens fills it. Then, Cox
graciously starts bouncing ALL my emails, since my box is now full. In
effect, an email DOS fringe benefit for the Swen.

My question is, why can't Cox afford a filter system for incoming email? And
my next question is why don't all reputable ISP's have a filter on outgoing
email? There's still a whole lot of the clueless who are yet to be infected,
and Swen attachments will be flowing for quite a while to come.

The answer to _any_ question that starts off "why don't they..." is *always*
"money".

How much more are _you_ willing to pay for your Internet access to cover
scanning of _your_ outgoing mail for viruses?

How much more are you willing to pay for virus-scanning of your incoming mail?
The commercial filtering services get $3-5 per mailbox, per month, in 'whole-
sale' quantities. And even the best of 'em don't catch everything.

In article YEcdb.2567$La.801@fed1read02, Ed Price wrote:



"--exray--" wrote in message
...
Chuck Harris wrote:
Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a


That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the sender
that it was infected.


If you can determine who the sender really is. Sending email messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


Earthlink delivers E-mail with no FROM: information in the header.

If an ISP can't do this much, they need to go out of business.


Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.
Another "I'm not sure how it works" is with Mailwasher Pro...it will not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.
Point being that these things can be accomplished although we are at a
early stage of seeing it actually happen.
-Bill


Exactly!! My company subscribes to a service like that; they get daily
updates for their filter software just like they get updates for their AV
file. At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to 100
Swens per day. (The first couple of days, I had over a hundred per day.)
Sure, there's a few variations, but the 106 kB attachment is a real obvious
sign. Evidently, Cox doesn't care, and doesn't filter at all.

I don't leave my machine run 24/7, so the Swen IS a problem for me. Since
Cox only allows a 10 MB mailbox, about 90 Swens fills it. Then, Cox
graciously starts bouncing ALL my emails, since my box is now full. In
effect, an email DOS fringe benefit for the Swen.

My question is, why can't Cox afford a filter system for incoming email? And
my next question is why don't all reputable ISP's have a filter on outgoing
email? There's still a whole lot of the clueless who are yet to be infected,
and Swen attachments will be flowing for quite a while to come.

The answer to _any_ question that starts off "why don't they..." is *always*
"money".

How much more are _you_ willing to pay for your Internet access to cover
scanning of _your_ outgoing mail for viruses?

How much more are you willing to pay for virus-scanning of your incoming mail?
The commercial filtering services get $3-5 per mailbox, per month, in 'whole-
sale' quantities. And even the best of 'em don't catch everything.

In article ,
David Stinson wrote:


Ed Price wrote:
At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to 100
Swens per day. (The first couple of days, I had over a hundred per day.)

You guys got it easy. I'm still getting several hundred per day.
I have my email program set to download every two minutes- only way to
keep the server from bouncing good emails. Then my filters
dump the garbage. Is this thing just local to radio-related usenet
users?
I'd think if it were global, you'd hear more news stories about it.

It's hitting practically everybody that *posts* to USENET netnews. That,
however is getting to be a 'vanishingly small' portion of the entire
'internet community' Probably 75% (or more) of today's internet users
have never even _heard_ of USENET to them "the internet" consists of the
World-Wide-Web, and *maybe* (for the 'advanced' users) direct use of
email. for -lots- of people, the only form of e-mail they know is web-mail.

The vast majority of people who use USENET are 'savvy' enough that the
reaction to _this_ virus,is just "oh boy, here we go, again." Emphasis
on "again". It's a nuisance. A d*mn nuisance. But, nothing worth getting
all worked up over.


Its getting a fair amount of coverage in various _technical_ media, but
it's not affecting enough of the 'mainstream' "internet user" community
to get mainstream press play.

The system/network admin and operations types are _very_ aware of what's
going on. Internet traffic volume for email has climbed back out of the
'noise'.

In article ,
David Stinson wrote:


Ed Price wrote:
At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to 100
Swens per day. (The first couple of days, I had over a hundred per day.)

You guys got it easy. I'm still getting several hundred per day.
I have my email program set to download every two minutes- only way to
keep the server from bouncing good emails. Then my filters
dump the garbage. Is this thing just local to radio-related usenet
users?
I'd think if it were global, you'd hear more news stories about it.

It's hitting practically everybody that *posts* to USENET netnews. That,
however is getting to be a 'vanishingly small' portion of the entire
'internet community' Probably 75% (or more) of today's internet users
have never even _heard_ of USENET to them "the internet" consists of the
World-Wide-Web, and *maybe* (for the 'advanced' users) direct use of
email. for -lots- of people, the only form of e-mail they know is web-mail.

The vast majority of people who use USENET are 'savvy' enough that the
reaction to _this_ virus,is just "oh boy, here we go, again." Emphasis
on "again". It's a nuisance. A d*mn nuisance. But, nothing worth getting
all worked up over.


Its getting a fair amount of coverage in various _technical_ media, but
it's not affecting enough of the 'mainstream' "internet user" community
to get mainstream press play.

The system/network admin and operations types are _very_ aware of what's
going on. Internet traffic volume for email has climbed back out of the
'noise'.

"Robert Bonomi" bonomi@c-ns. wrote in message
link.net...
In article YEcdb.2567$La.801@fed1read02, Ed Price
wrote:



"--exray--" wrote in message
...
Chuck Harris wrote:
Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a


That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the
sender
that it was infected.


If you can determine who the sender really is. Sending email
messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


Earthlink delivers E-mail with no FROM: information in the
header.

If an ISP can't do this much, they need to go out of business.


Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.
Another "I'm not sure how it works" is with Mailwasher Pro...it will
not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.
Point being that these things can be accomplished although we are at a
early stage of seeing it actually happen.
-Bill


Exactly!! My company subscribes to a service like that; they get daily
updates for their filter software just like they get updates for their AV
file. At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to
100
Swens per day. (The first couple of days, I had over a hundred per day.)
Sure, there's a few variations, but the 106 kB attachment is a real
obvious
sign. Evidently, Cox doesn't care, and doesn't filter at all.

I don't leave my machine run 24/7, so the Swen IS a problem for me. Since
Cox only allows a 10 MB mailbox, about 90 Swens fills it. Then, Cox
graciously starts bouncing ALL my emails, since my box is now full. In
effect, an email DOS fringe benefit for the Swen.

My question is, why can't Cox afford a filter system for incoming email?
And
my next question is why don't all reputable ISP's have a filter on
outgoing
email? There's still a whole lot of the clueless who are yet to be
infected,
and Swen attachments will be flowing for quite a while to come.

The answer to _any_ question that starts off "why don't they..." is
*always*
"money".

How much more are _you_ willing to pay for your Internet access to cover
scanning of _your_ outgoing mail for viruses?

How much more are you willing to pay for virus-scanning of your incoming
mail?
The commercial filtering services get $3-5 per mailbox, per month, in
'whole-
sale' quantities. And even the best of 'em don't catch everything.

Since I'm already paying $40 per month for broadband access, would I pay an
additional $5 for a fast reacting spam & virus & worm filter? Yes.

And remember, a filter would work both ways. incoming & outgoing. Much of
the problem is caused by clueless broadband users whose machines are taken
over and used to propagate the attacks. An ISP should have the duty to
suppress these sources of contagion.

OTOH, how much would the ISP save in storage resources, system overhead,
overloaded customer service reps? And what would be the market value in
being able to claim a reasonably "protected" ISP service?

Further, if a company has maybe 5000 mailboxes, might not an ISP with
250,000 mailboxes be able to talk a better deal?

Ed
WB6WSN

"Robert Bonomi" bonomi@c-ns. wrote in message
link.net...
In article YEcdb.2567$La.801@fed1read02, Ed Price
wrote:



"--exray--" wrote in message
...
Chuck Harris wrote:
Michael A. Terrell wrote:


They should scan every received e-mail for virus or worms, and a


That fails when the virus/worm/trojan is modified even slightly. Ask
Norton, or McAfee why they have to update their virus scanners almost
daily.

valid FROM address.

How are you going to determine the from address is valid? email the
person at the address and ask them? What if the from address belongs
to someone other than the actual sender?


Infected e-mail should be deleted, and a message sent to the
sender
that it was infected.


If you can determine who the sender really is. Sending email
messages
to the forged email addresses that exist in the sender field of the
bad email just results in more needless email traffic.

The current email protocol provides no reliable way of validating the
sender's email address. It has needed upgrading for about 15 years
now.


Earthlink delivers E-mail with no FROM: information in the
header.

If an ISP can't do this much, they need to go out of business.


Since no ISP can do what you are asking, I'd rather keep the current
"flawed" ISPs around for now, thank you.

Chuck, WA3UQV


I'm not sure of the mechanics of how it is actually done but there are
subscription services that ISPs can use to keep their mail services
clean and updated if they choose not to do it themselves.
Another "I'm not sure how it works" is with Mailwasher Pro...it will
not
bounce to invalid yahoo addresses. Apparently some 'trial' ping is at
work, maybe in conjunction with Yahoo???.
Point being that these things can be accomplished although we are at a
early stage of seeing it actually happen.
-Bill


Exactly!! My company subscribes to a service like that; they get daily
updates for their filter software just like they get updates for their AV
file. At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to
100
Swens per day. (The first couple of days, I had over a hundred per day.)
Sure, there's a few variations, but the 106 kB attachment is a real
obvious
sign. Evidently, Cox doesn't care, and doesn't filter at all.

I don't leave my machine run 24/7, so the Swen IS a problem for me. Since
Cox only allows a 10 MB mailbox, about 90 Swens fills it. Then, Cox
graciously starts bouncing ALL my emails, since my box is now full. In
effect, an email DOS fringe benefit for the Swen.

My question is, why can't Cox afford a filter system for incoming email?
And
my next question is why don't all reputable ISP's have a filter on
outgoing
email? There's still a whole lot of the clueless who are yet to be
infected,
and Swen attachments will be flowing for quite a while to come.

The answer to _any_ question that starts off "why don't they..." is
*always*
"money".

How much more are _you_ willing to pay for your Internet access to cover
scanning of _your_ outgoing mail for viruses?

How much more are you willing to pay for virus-scanning of your incoming
mail?
The commercial filtering services get $3-5 per mailbox, per month, in
'whole-
sale' quantities. And even the best of 'em don't catch everything.

Since I'm already paying $40 per month for broadband access, would I pay an
additional $5 for a fast reacting spam & virus & worm filter? Yes.

And remember, a filter would work both ways. incoming & outgoing. Much of
the problem is caused by clueless broadband users whose machines are taken
over and used to propagate the attacks. An ISP should have the duty to
suppress these sources of contagion.

OTOH, how much would the ISP save in storage resources, system overhead,
overloaded customer service reps? And what would be the market value in
being able to claim a reasonably "protected" ISP service?

Further, if a company has maybe 5000 mailboxes, might not an ISP with
250,000 mailboxes be able to talk a better deal?

Ed
WB6WSN

Done. No worm.

"David Stinson" wrote in message
...
The SWEN Worm is possibly the nastiest email worm in history,
so I don't mind getting chewed-out for posting about it.

PLEASE run the Symentec fix at:

http://www.symantec.com/avcenter/FixSwen.exe

You are perfectly safe to do so, and you will help out your friends.

Thanks,
Dave S.

Done. No worm.

"David Stinson" wrote in message
...
The SWEN Worm is possibly the nastiest email worm in history,
so I don't mind getting chewed-out for posting about it.

PLEASE run the Symentec fix at:

http://www.symantec.com/avcenter/FixSwen.exe

You are perfectly safe to do so, and you will help out your friends.

Thanks,
Dave S.

Ed Price wrote:

"Robert Bonomi" bonomi@c-ns. wrote in message
link.net...
In article YEcdb.2567$La.801@fed1read02, Ed Price
wrote:

Exactly!! My company subscribes to a service like that; they get daily
updates for their filter software just like they get updates for their AV
file. At work, I am getting ZERO Swens. But at home, that's completely
different. I have a cable connection through Cox, and I'm getting 75 to
100
Swens per day. (The first couple of days, I had over a hundred per day.)
Sure, there's a few variations, but the 106 kB attachment is a real
obvious
sign. Evidently, Cox doesn't care, and doesn't filter at all.

I don't leave my machine run 24/7, so the Swen IS a problem for me. Since
Cox only allows a 10 MB mailbox, about 90 Swens fills it. Then, Cox
graciously starts bouncing ALL my emails, since my box is now full. In
effect, an email DOS fringe benefit for the Swen.

My question is, why can't Cox afford a filter system for incoming email?
And
my next question is why don't all reputable ISP's have a filter on
outgoing
email? There's still a whole lot of the clueless who are yet to be
infected,
and Swen attachments will be flowing for quite a while to come.

The answer to _any_ question that starts off "why don't they..." is
*always*
"money".

How much more are _you_ willing to pay for your Internet access to cover
scanning of _your_ outgoing mail for viruses?

How much more are you willing to pay for virus-scanning of your incoming
mail?
The commercial filtering services get $3-5 per mailbox, per month, in
'whole-
sale' quantities. And even the best of 'em don't catch everything.

Since I'm already paying $40 per month for broadband access, would I pay an
additional $5 for a fast reacting spam & virus & worm filter? Yes.

And remember, a filter would work both ways. incoming & outgoing. Much of
the problem is caused by clueless broadband users whose machines are taken
over and used to propagate the attacks. An ISP should have the duty to
suppress these sources of contagion.

OTOH, how much would the ISP save in storage resources, system overhead,
overloaded customer service reps? And what would be the market value in
being able to claim a reasonably "protected" ISP service?

Further, if a company has maybe 5000 mailboxes, might not an ISP with
250,000 mailboxes be able to talk a better deal?

Ed
WB6WSN

At that volume they should implement it themselves, and just
subscribe to the update services.
--


Michael A. Terrell
Central Florida