
Thread: **HeadsUp** Kwbot.S

  1. #1
    The Doctor Und3ertak3r
    Join Date
    Apr 2002
    Posts
    2,744

    **HeadsUp** Kwbot.S

    (Rant at end of post)
    Hi Guys

    Another version of the many Social engineering Worms doing the rounds..
    this Heads Up is more to remind the unwashed that many of our "helpful" internet friends may not be...

    From the Symantec Website: Kwbot.s page
    W32.Kwbot.S.Worm@mm is a mass-mailing variant of W32.Kwbot.Worm. The worm attempts to spread through the Kazaa file-sharing network and uses its own SMTP engine to email itself to contacts in the Windows address book.

    The email message has the following characteristics:

    Subject: (randomly chosen from the following list)

    check this out
    please give me feedback on this
    long time no see
    pictures of the kids
    good antivirus

    Attachment: app.exe

    W32.Kwbot.S.Worm@mm is packed with UPX v1.20.
    Currently Rated Cat 2: with a high Distribution rate.. Damage and Wild levels are Low..

    Also check current version of Mimail.L

    .. typical of this type.. received a copy today.. from a German friend.. the headers listed the mail server as Singapore.... except.. his mail server is not in Singapore.. his daughter's is.. guess who the infected party is..
    Oh and guess who else is infected.. ..

    Currently I check the Headers and routing information on emails with attachments that pass the AV scan.. Anyone know of an automated approach.. to check that the from ADD and Mail server match a known list.. Currently using "Pop3 Scan Mailbox" to view the header info before downloading.. this is my semi auto spam filter.. and how I check/compare Addy with mail server..

    Cheers (Still Smelly) Undies
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
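
One way to automate the From-address versus mail-server comparison asked about in post #1, as an added example that is not part of the original thread. The allowlist entries, the addresses and the sample message are constructed, and the `Received:` layout the regex expects is an assumption, since the format varies between mail servers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: sender address -> domain suffixes of the servers that
# normally hand over that sender's mail. Entries are constructed placeholders.
KNOWN_SENDERS = {
    "hans@example.de": ("example.de",),
    "anna@example.sg": ("example.sg",),
}

# "from HELO (rdns [ip])" as stamped by many MTAs (assumed layout).
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((\S+)?\s*\[([0-9a-fA-F.:]+)\]\)")

# Constructed sample: From claims a German sender, relay resolves to Singapore.
SAMPLE = """\
Received: from app-pc (dsl-7.example.sg [203.0.113.7])
\tby mx.myisp.example with SMTP; Sat, 1 Nov 2003 10:00:00 +1000
From: Hans <hans@example.de>
To: me@myisp.example
Subject: pictures of the kids

body
"""

def relay_of(msg):
    """Return (helo, rdns, ip) from the topmost Received header, the one added
    by our own server; anything below it can be forged by the sending side."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = RECEIVED_FROM.search(" ".join(received[0].split()))  # unfold header
    return m.groups() if m else None

def check_message(raw, known=KNOWN_SENDERS):
    """Classify a message as match / mismatch / unknown-sender / no-relay-info."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    relay = relay_of(msg)
    if sender not in known:
        return "unknown-sender", sender, relay
    if relay is None:
        return "no-relay-info", sender, relay
    helo, rdns, _ip = relay
    # Prefer the reverse-DNS name; the HELO name is chosen by the sending host.
    host = (rdns or helo).lower().rstrip(".")
    ok = any(host == s or host.endswith("." + s) for s in known[sender])
    return ("match" if ok else "mismatch"), sender, relay

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A "mismatch" only says the message came in through a server not on the list for that address; a legitimate sender who is travelling or has changed provider will trigger it too, so treat it as a reason to hold the attachment, not as a verdict.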

  2. #2
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Und3ertak3r,

    Thanks for the heads up.

    Mass mailing and SMTP huh? Take a look at:

    http://www.internals.com/

    and look for "Mail Control" by Yariv Kaplan. This product requires confirmation before allowing outgoing SMTP mail. It does not protect you, but it protects others, and stops these things spreading.

    I won't ask you about the R***y, as both sides seemed to have two extra players on the pitch.

    Cheers
