Hundreds of Emails from "Microsoft"

[Michael Ryznar]

Hello,

Since about September 2003, I have been receiving between 80 to 100 emails
per day from an unknown source claiming to be Microsoft. The email is a
virus or a worm known as "Swen". It is a very serious virus for Microsoft
Windows users but fortunately for myself in the case of this particular
virus, I have a Mac computer and so far it doesn't seem to affect Mac
computers. My computer is a blue and white G3 running OS 9.2.2. I also have
OS 10.1 which I use occasionally and the virus emails appear in OS10.1 as
well showing up in my OS10 Mac Mail program. I tried the "bounce back"
feature of the OS 10.1 mail program and it didn't stop the virus emails from
coming. On my OS 9.2.2 I now use MS Outlook Express 5.0.3. I really don't
know what to do next to stop all this email spam. All the help I have seen
from my research into this virus mostly applies to Windows users but no
where can I find any suggestions how to stop these hundreds of "Microsoft"
spam emails from continuing to arrive. Perhaps the virus is coming from
within my computer and duplicating itself? I really don't know.

Here are some of the other names this virus has been known as:

Win32.Swen@mm virus
W32.Gibe@mm
Swen-A

The email begins with the following line:

this is the latest version of security update, the "October 2003, Cumulative
Patch" update

The next email that comes automatically whether you do anything or not
reads:
Subject:
Undeliverable Message: User unknown
I'm sorry to have to inform you that I wasn't able to deliver your message
to the following addresses


I just updated my Norton Virus Definition files (definitions dated Oct 1)
and ran an antivirus scan of my harddrive and there is no problem with my
Mac computer. So I would guess my computer is OK.

The big problem however is the fact that I am still receiving 100 emails per
day with this virus and it is time consuming to be constantly deleting them.
I even tried rebuilding my mailbox (recompress by holding the option key
when rebooting Outlook). No luck.

This has become a problem because it is clogging my incoming mail and every
hour of the day I must delete these annoying emails. How can I prevent these
emails from arriving in my email inbox? I cannot change my email address due
to specific reasons. Am I going to have to delete these hundreds of emails
everyday for years to come?

I don't use any spam filters and I am reluctant to give in to using these.
There must be a way to get to the root of the problem. I see that other
people are having the same problem as I describe but one response to the
suggestion to create different mail rules was the problem is that the emails
are coming from different email addresses, with different subject lines, and
different attachments each time. There must be a way to stop this.

I would be grateful for any suggestions.

PS It really makes you wonder what kind of people write these destructive
viruses like this. I do hope one day these people will find their joy or
their fulfillment in their lives some other way.


Michael Ryznar
Burnaby BC
Canada

 

[William M. Smith]

I don't use any spam filters and I am reluctant to give in to using these.
There must be a way to get to the root of the problem. I see that other
people are having the same problem as I describe but one response to the
suggestion to create different mail rules was the problem is that the emails
are coming from different email addresses, with different subject lines, and
different attachments each time. There must be a way to stop this.

Hi Michael!

The SWEN virus' name is NEWS spelled backwards. This virus scans newsgroups
for email addresses and then spams them using infected Windows systems.

The only defense in this case is a good offense. Rather than posting a real
email address ANYWHERE in public, try obfuscating it. I've done this with
mine and it helps tremendously.

Viruses aren't particularly smart or care about getting email addresses
correct. They're just dumb beasts sending to anything they can. If you
obfuscate your address then it will essentially send the message to an
address that doesn't exist. Of course, if you want someone to really send
you a message then you need to provide instructions for how to determine the
real address.

Until email servers implement better spam controls and infected Windows
users are properly patched, you'll continue to receive these messages.

Microsoft does not send unsolicited email. If you have not subscribed to any
newsletters or announcements from Microsoft, you can simply create a few
rules based on Microsoft's name such as "Microsoft" and "patch" or "fix" or
in the Subject.

Hope this helps! bill

 

[Steve Wilson]

Hello,

Since about September 2003, I have been receiving between 80 to 100 emails
per day from an unknown source claiming to be Microsoft. The email is a
virus or a worm known as "Swen". It is a very serious virus for Microsoft
Windows users but fortunately for myself in the case of this particular
virus, I have a Mac computer and so far it doesn't seem to affect Mac
computers. My computer is a blue and white G3 running OS 9.2.2. I also have
OS 10.1 which I use occasionally and the virus emails appear in OS10.1 as
well showing up in my OS10 Mac Mail program. I tried the "bounce back"
feature of the OS 10.1 mail program and it didn't stop the virus emails from
coming. On my OS 9.2.2 I now use MS Outlook Express 5.0.3. I really don't
know what to do next to stop all this email spam. All the help I have seen
from my research into this virus mostly applies to Windows users but no
where can I find any suggestions how to stop these hundreds of "Microsoft"
spam emails from continuing to arrive. Perhaps the virus is coming from
within my computer and duplicating itself? I really don't know.

Here are some of the other names this virus has been known as:

Win32.Swen@mm virus
W32.Gibe@mm
Swen-A

The email begins with the following line:

this is the latest version of security update, the "October 2003, Cumulative
Patch" update

The next email that comes automatically whether you do anything or not
reads:
Subject:
Undeliverable Message: User unknown
I'm sorry to have to inform you that I wasn't able to deliver your message
to the following addresses


I just updated my Norton Virus Definition files (definitions dated Oct 1)
and ran an antivirus scan of my harddrive and there is no problem with my
Mac computer. So I would guess my computer is OK.

The big problem however is the fact that I am still receiving 100 emails per
day with this virus and it is time consuming to be constantly deleting them.
I even tried rebuilding my mailbox (recompress by holding the option key
when rebooting Outlook). No luck.

This has become a problem because it is clogging my incoming mail and every
hour of the day I must delete these annoying emails. How can I prevent these
emails from arriving in my email inbox? I cannot change my email address due
to specific reasons. Am I going to have to delete these hundreds of emails
everyday for years to come?

I don't use any spam filters and I am reluctant to give in to using these.
There must be a way to get to the root of the problem. I see that other
people are having the same problem as I describe but one response to the
suggestion to create different mail rules was the problem is that the emails
are coming from different email addresses, with different subject lines, and
different attachments each time. There must be a way to stop this.

I would be grateful for any suggestions.

PS It really makes you wonder what kind of people write these destructive
viruses like this. I do hope one day these people will find their joy or
their fulfillment in their lives some other way.


Michael Ryznar
Burnaby BC
Canada

I have been receiving the same 'Microsoft' emails as well as penis
enlargement, pharmacy ads, and viagra ads. I need none of these nor have I
requested such. I was blocking senders but they use different sender names
each time. I delete hundreds every day as well. I am with Charter and they
have suggested I report them to (e-mail address removed). I agree we need to get to
the root of the problem, but until then I would like to bounce them.

fkey

 

[Steve Wilson]

Hi Michael!

The SWEN virus' name is NEWS spelled backwards. This virus scans newsgroups
for email addresses and then spams them using infected Windows systems.

The only defense in this case is a good offense. Rather than posting a real
email address ANYWHERE in public, try obfuscating it. I've done this with
mine and it helps tremendously.

Viruses aren't particularly smart or care about getting email addresses
correct. They're just dumb beasts sending to anything they can. If you
obfuscate your address then it will essentially send the message to an
address that doesn't exist. Of course, if you want someone to really send
you a message then you need to provide instructions for how to determine the
real address.

Until email servers implement better spam controls and infected Windows
users are properly patched, you'll continue to receive these messages.

Microsoft does not send unsolicited email. If you have not subscribed to any
newsletters or announcements from Microsoft, you can simply create a few
rules based on Microsoft's name such as "Microsoft" and "patch" or "fix" or
in the Subject.

Hope this helps! bill

If I go to the prefernce section of Explorer and delete my email address
from the email section will that keep pages I visit from knowing my email
address?

Thanks

 

[Michael Ryznar]

Hello William,

Thank you for all your interesting and extremely helpful advice.

Rather than posting a real email address ANYWHERE in public, try obfuscating

it.

I'll try this when I can but there are shortcomings to this suggestion. Any
obfuscated email you send to people such as in this format:

(e-mail address removed)

is not returnable if the receiver doesn't expect this. They will simply
press the "reply to sender" button and the email would bounce back and
frustrate the user. This wouldn't be a very wise business practice.

Perhaps I have misunderstood your suggestion and so I would like to ask if
you had something else in mind when you suggested obfuscating your email
address?

Of course, if you want someone to really send you a message then you need to

provide instructions for how to determine the real address.

Do you have any examples of this being done in the real business world?
Sounds good in theory but impractical in today's business correspondence.

As far as newsgroups, when you sign up for a newsgroup I believe the only
way you can take part in newsgroup discussions is by giving them your real
email address. I could be wrong about this and I am now going to do some
research on this.

I can see where your advice is really helpful though and that is in your
signature at the bottom of a posted newsgroup question - simply don't put
your email address here or else obfuscate it as we mentioned before:

(e-mail address removed)

Again I am not trying to sound negative and I certainly appreciated your
helpful and generous post but I am just trying to see if you agree that
there are serious negative implications to obfuscating your email address.

I have a feeling that we are all going to have to just get used to writing
rules to filter email spam in addition to obfuscating our email address -
where it is practical to obfuscate email addresses.

Thanks William


PS What do you think is more clear:

(e-mail address removed)
or
(e-mail address removed)
?
(the difference is the period after REMOVETHIS)



Michael Ryznar
Ryznar Design
Burnaby, BC
Canada

http://www.ryznardesign.com

 

[Michael Ryznar]

If I go to the prefernce section of Explorer and delete my email address

from the email section will that keep pages I visit from knowing my email
address?

Thanks

I don't think so Steve. I think the email address in that particular
preference box is only used to help you fill out online forms on web sites
faster.

I think William had a good point about obfuscating your email address. I am
not sure how to do it but I will guess: In Outlook go to Tool > Accounts and
then choose your account from which you send your mail. Then double click it
to open the Edit Account menu so that you can change your personal
information settings. Here you can change your email address to:

(e-mail address removed)

Then when you post to a newsgroup your real email address is hidden. A user
hopefully will see that in order to reply to you they would have to remove
the text "REMOVETHIS." Sounds like a safe way to post to newsgroup lists.
This is my understanding of Williams interesting suggestion.

Mike

 

[William M. Smith]

If I go to the prefernce section of Explorer and delete my email address
from the email section will that keep pages I visit from knowing my email
address?

Hi Steve!

Probably not.

Your email address isn't being sent to websites when you visit them. Your
email address IS appearing on websites when you post to public places such
as the Microsoft newsgroups or any other newsgroups such as comp.*, alt.*,
etc.

As an experiment go to http://groups.google.com and search for your email
address. You'll see your address there a few times.

Most folks probably don't realize how widespread their addresses can become
when posted in public. Plus any replies to your postings will only add to
the number of times your email appears in public. Anything in public can and
WILL be harvested by spambots. And it stays there for a very long time.

Spambot harvesters are not very intelligent, however. This is why I suggest
obfuscating email addresses that you use in public. They can't determine
what's real and what's not and they won't try very hard if they do try. (You
don't need to obfuscate when sending to friends and direct business
relations.)

Hope this helps! bill

 

[William M. Smith]

I'll try this when I can but there are shortcomings to this suggestion. Any
obfuscated email you send to people such as in this format:

(e-mail address removed)

is not returnable if the receiver doesn't expect this. They will simply
press the "reply to sender" button and the email would bounce back and
frustrate the user. This wouldn't be a very wise business practice.

Definitely not good business practice, but I would suggest using it more for
the purpose of posting email addresses in public newsgroups.

Perhaps I have misunderstood your suggestion and so I would like to ask if
you had something else in mind when you suggested obfuscating your email
address?

Do you have any examples of this being done in the real business world?
Sounds good in theory but impractical in today's business correspondence.

No examples in the business world but businesses should still guard their
email addresses. See this discussion
http://www.mail-archive.com/[email protected]/msg11095.html.

As far as newsgroups, when you sign up for a newsgroup I believe the only
way you can take part in newsgroup discussions is by giving them your real
email address. I could be wrong about this and I am now going to do some
research on this.

You're definitely correct about this, but mailing lists are usually
moderated and even a spammer has to provide a legitimate address to post.
This is too much trouble for most.

Again I am not trying to sound negative and I certainly appreciated your
helpful and generous post but I am just trying to see if you agree that
there are serious negative implications to obfuscating your email address.

For newsgroups, I post my email address in case someone has a legitimate
need to contact me privately, but I obfuscate it to protect my email account
from spammers. I would expect most folks are savvy enough to figure out the
problem if they receive a bounced message. The worst case scenario is the
person has to contact me through the public newsgroups.

I have a feeling that we are all going to have to just get used to writing
rules to filter email spam in addition to obfuscating our email address -
where it is practical to obfuscate email addresses.

In a corporate environment, administrators have access to better tools and
services to block the majority of spam. Home users should educate themselves
more in how to prevent spam rather than filtering it.

No one has said all this any better than the Center for Democracy &
Technology (http://www.cdt.org). Their report "Why Am I Getting All This
Spam? Unsolicited Commercial E-mail Research Six Month Report"
(http://www.cdt.org/speech/spam/030319spamreport.shtml) from March 2003 is a
must read if you want to learn how to prevent getting spam.

PS What do you think is more clear:

(e-mail address removed)
or
(e-mail address removed)
?
(the difference is the period after REMOVETHIS)

I would personally leave out the period since you have REMOVETHIS in caps.
As long anyone can figure it out, it has served its purpose. Another option
is spelling out your address, such as

Yourname at companyname dot com

Some folks will put instructions in their signatures as well to explain how
to interpret an obfuscated email such as

"Correct my address before replying to me." or
"Remove the obvious to reply."

bill

 

[Michael Ryznar]

http://www.cdt.org/speech/spam/030319spamreport.shtml

Thanks William for this really helpful link!

I would encourage anyone reading this post to read this document. It is
essentially the solution to all the problems mentioned in this post.

Mike

 

[Jennifer]

Just curious... how many people with this problem are listed as WHOIS
contacts with Network Solutions or any other domain registrar? I
changed my email address in this newsgroup, but realized that it's
posted publicly there. Think there may be a connection? Thoughts
please.

 

[Jason]

Michael Ryznar wrote...

The big problem however is the fact that I am still receiving 100 emails per
day with this virus and it is time consuming to be constantly deleting them.
I even tried rebuilding my mailbox (recompress by holding the option key
when rebooting Outlook). No luck.

This has become a problem because it is clogging my incoming mail and every
hour of the day I must delete these annoying emails.

I'm having a similar problem. My free account with yahoo is getting
suspended from receiving e-mails several times a day because SWEN
attachments are using up my six megs. I'm hoping to get an e-mail
campaign or something going so yahoo (and hotmail, and ISPs, etc.)
will pay attention to, and fix, the problem. E-mail yahoo
([email protected]), post to other user groups, try to get a
groundswell of discontent going! I can't imagine that it would be
difficult for yahoo and the service providers to prevent, with a high
level of accuracy, the SWEN e-mails from ever passing through their
servers. Let's make them do it!!!

Jason