-
December 3rd, 2003, 10:24 AM
#1
**HeadsUp** Kwbot.S
(Rant at end of post)
Hi Guy's
Another version of the many Social engineering Worms doing the rounds..
this Heads Up is more to remind the unwashed that many of our "helpful" internet friends may not be...
From the Symantec Website: Kwbot.s page
W32.Kwbot.S.Worm@mm is a mass-mailing variant of W32.Kwbot.Worm. The worm attempts to spread through the Kazaa file-sharing network and uses its own SMTP engine to email itself to contacts in the Windows address book.
The email message has the following characteristics:
Subject: (randomly chosen from the following list)
check this out
please give me feedback on this
long time no see
pictures of the kids
good antivirus
Attachment: app.exe
W32.Kwbot.S.Worm@mm is packed with UPX v1.20.
Currently Rated Cat 2: with a high Distribution rate.. Damage and Wild levels are Low..
Also check current version of Mimail.L
.. typical of these type.. recieved a copy today.. from a German friend.. the headers listed the mail server as Singapore.... except.. his mail server is not in singapore.. his daughter's is.. guess who the infected party is..
Oh and guess who else is infected.. ..
Currently I check the Headers and routing information on emails with attachments that pass the AV scann.. Any one know of an automated approach ,, to check that the from ADD and Mail server match a known list.. Currently using "Pop3 Scan Mailbox" to view the header info before downloading.. this is my semi auto spam filter.. and how I check/compare Addy with mail server..
Cheers (Still Smelly) Undies
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
December 3rd, 2003, 12:26 PM
#2
Hi Und3ertak3r,
Thanks for the heads up.
Mass mailing and SMTP huh? Take a look at:
http://www.internals.com/
and look for "Mail Control" by Yariv Kaplan. This product requires confirmation before allowing outgoing SMTP mail. It does not protect you, but it protects others, and stops these things spreading.
I won't ask you about the R***y, as both sides seemed to have to extra players on the pitch
Cheers
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|