My e-mail address

As some may know, I've been having a terrible problem with my e-mail.
Specifically, I've been getting so many messages from people infected with
the W32.Swen.A virus that legitimate messages have bounced because I'm at my
ISPs volume limits. Because of this, I've had to take extreme steps to
block those messages. The good news is that the steps have been effective.
The bad news is that they will block everybody not already in my address
book on the ISP server. The worst news is that there's no way to copy my
normal Outlook Express or Outlook addressbooks into the ISP server. I've
got to do it manually.

I'm putting people in the address book as quickly as possible, but until
I've got everyone in, some of you may get bounced message notices.
According to Earthlink, those that do, will receive some very simple form
that, when complete, will allow your messages to be delivered. The theory
is that spammers and virus invections won't fill out the forms. Friends
will. In order to avoid disappointing Earthlink (not to mention me), if you
get one of the messages, please fill out thr form. Anything important
enough to send to me personally, is important enough for me to want to see
it.

If you don't get the message or fill out the form, all is not lost.
Supposedly, I'll get a daily report on all messages diverted into a suspect
folder and be able to retrieve those of value manually. It's a bother to
everybody, but it's a necessary bother for me.
--
Lee Bell, CID

All the evidence points to the information being gathered from newsgroups.
People who have not paid any attention to what everybody has been saying
for the last two years and were stupid enough to open the attachment are the
ones spreading it.

The good news is that a twit on another group did just that and said he
would reformat his computer to fix the problem. He hasn't been heard from in
days.


http://grc.com/dcom/intro.htm is one of the best places to see if you are
part of the problem

"Lee Bell" <leebell@ix.netcom.com> wrote in message
news:wsIbb.55545$Aq2.18996@newsread1.news.atl.eart hlink.net...
> As some may know, I've been having a terrible problem with my e-mail.
> Specifically, I've been getting so many messages from people infected with
> the W32.Swen.A virus that legitimate messages have bounced because I'm at
my
> ISPs volume limits. Because of this, I've had to take extreme steps to
> block those messages. The good news is that the steps have been
effective.
> The bad news is that they will block everybody not already in my address
> book on the ISP server. The worst news is that there's no way to copy my
> normal Outlook Express or Outlook addressbooks into the ISP server. I've
> got to do it manually.
>
> I'm putting people in the address book as quickly as possible, but until
> I've got everyone in, some of you may get bounced message notices.
> According to Earthlink, those that do, will receive some very simple form
> that, when complete, will allow your messages to be delivered. The theory
> is that spammers and virus invections won't fill out the forms. Friends
> will. In order to avoid disappointing Earthlink (not to mention me), if
you
> get one of the messages, please fill out thr form. Anything important
> enough to send to me personally, is important enough for me to want to see
> it.
>
> If you don't get the message or fill out the form, all is not lost.
> Supposedly, I'll get a daily report on all messages diverted into a
suspect
> folder and be able to retrieve those of value manually. It's a bother to
> everybody, but it's a necessary bother for me.
> --
> Lee Bell, CID
>
>

> http://grc.com/dcom/intro.htm is one of the best places to see if you are
> part of the problem

/me smacks head on wall at the mention of "that" site being mentioned in a
security related post. Gibson is nothing more than a self publicist with
limited if any knowledge.


"All the evidence points to the information being gathered from newsgroups."

The virus searches through .dbx files amongst others so it gets its
addresses that way. Usenet, normal email and so on use this format via
Outlook Express so if the person has read the group the emails posted to it
will be on their machine.

rec.sport.rugby-union and several others i frequent also have the problem.

My personal account now has near 2,000 messages (virus and bounce) and as a
result is totally unusable. My yahoo-groups only email address had its
first 4 today - the only way that got through is by people on the lists im
on being infected and having the data mined.

This microsoft site has their details and links to other AV makers pages
with information:

http://www.microsoft.com/technet/tre...lerts/swen.asp


To keep it on topic. Dive link, i returned from my weekend away of non
diving (boat engine died) to delete 400 of the things. Managed a pityful 1
day of diving in all of september due to weather and boat problems.

"Richard Whitcombe" <Richard.Whitcombe@btinternet.com> wrote in message
news:bko1ql$3nmgj$1@ID-32032.news.uni-berlin.de...
>
>
> > http://grc.com/dcom/intro.htm is one of the best places to see if you
are
> > part of the problem
>
> /me smacks head on wall at the mention of "that" site being mentioned in a
> security related post. Gibson is nothing more than a self publicist with
> limited if any knowledge.
And you can document this in what way?
>
>
> "All the evidence points to the information being gathered from
newsgroups."
>
> The virus searches through .dbx files amongst others so it gets its
> addresses that way. Usenet, normal email and so on use this format via
> Outlook Express so if the person has read the group the emails posted to
it
> will be on their machine.

Possibly but people who do not use Usenet are reporting *far* less problems.
The two sites that I collect all the email for but don't use for usenet have
barely been touched.
>
> rec.sport.rugby-union and several others i frequent also have the problem.

They all do.
>
> My personal account now has near 2,000 messages (virus and bounce) and as
a
> result is totally unusable. My yahoo-groups only email address had its
> first 4 today - the only way that got through is by people on the lists im
> on being infected and having the data mined.
>
2000? You've hardly been touched.

> This microsoft site has their details and links to other AV makers pages
> with information:
>
>
http://www.microsoft.com/technet/tre...hnet/security/
virus/alerts/swen.asp
>
>
> To keep it on topic. Dive link, i returned from my weekend away of non
> diving (boat engine died) to delete 400 of the things. Managed a pityful
1
> day of diving in all of september due to weather and boat problems.
>
>
>

"Mike Painter" wrote ...
> Possibly but people who do not use Usenet are
> reporting *far* less problems.

I haven't received a single one of the infected emails... I receive tons of
other spam each day though, but through judicious use of the blocked senders
list, I've cut it down to just a few each day... Yeah, I'm blocking entire
domains instead of just specific users, but I don't think I'm going to be
receiving any legitimate email from anyone in some oddball .de domain
anyway...

"Lee Bell" <leebell@ix.netcom.com> wrote in message
news:wsIbb.55545$Aq2.18996@newsread1.news.atl.eart hlink.net...
> As some may know, I've been having a terrible problem with my e-mail.
> Specifically, I've been getting so many messages from people infected with
> the W32.Swen.A virus that legitimate messages have bounced because I'm at
my
> ISPs volume limits. Because of this, I've had to take extreme steps to
> block those messages. The good news is that the steps have been
effective.
> The bad news is that they will block everybody not already in my address
> book on the ISP server. The worst news is that there's no way to copy my
> normal Outlook Express or Outlook addressbooks into the ISP server. I've
> got to do it manually.

Not to jump on you, but that's a shitty solution. In the past 4 days I've
gotten 1573 virus emails, and every one of them has been easily filtered and
dumped into the trash folder by 12 simple Outlook Express mail rules.
They're easy to filter. I can give you more info if you want.

Jon

"Jon C" <jon@jonnythan.com> entertained us with:
:Not to jump on you, but that's a shitty solution. In the past 4 days I've
:gotten 1573 virus emails, and every one of them has been easily filtered and
:dumped into the trash folder by 12 simple Outlook Express mail rules.
:They're easy to filter. I can give you more info if you want.

Where possible, it is better to filter them at the server, especially if you do
not have a high speed connection. Even if you use Outlook Express to delete
from the server, you still have to download all those headers.

Now if I can only figure out how to filter them at the server. My ISP also
pre-scans them, which makes it harder to filter.

Dan Bracuk
As Big Ben said to the Leaning Tower of Pisa, I've got the time if you've got the inclination.
The Best of Rec.Scuba
http://www.pathcom.com/~bracuk/RecScuba/


-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

Simple, a program like MailWasher will allow you to do all the filtering you
need.

http://www.firetrust.com/home/



"Dan Bracuk" <bracuk@pathcom.com> wrote in message
news:3savmvspj2magtme1635qvpkjhvt6efodp@4ax.com...
> "Jon C" <jon@jonnythan.com> entertained us with:
> :Not to jump on you, but that's a shitty solution. In the past 4 days
I've
> :gotten 1573 virus emails, and every one of them has been easily filtered
and
> :dumped into the trash folder by 12 simple Outlook Express mail rules.
> :They're easy to filter. I can give you more info if you want.
>
> Where possible, it is better to filter them at the server, especially if
you do
> not have a high speed connection. Even if you use Outlook Express to
delete
> from the server, you still have to download all those headers.
>
> Now if I can only figure out how to filter them at the server. My ISP
also
> pre-scans them, which makes it harder to filter.
>
> Dan Bracuk
> As Big Ben said to the Leaning Tower of Pisa, I've got the time if you've
got the inclination.
> The Best of Rec.Scuba
> http://www.pathcom.com/~bracuk/RecScuba/
>
>
> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----== Over 100,000 Newsgroups - 19 Different Servers! =-----

Rudy Benner <benner@bogus.personainternet.com> wrote

> Simple, a program like MailWasher will allow you to do all the filtering
you
> need.

If I could filter on the name of the attachment, I could catch pretty much
all the problem messages, but I can't. I could filter on anything with an
attachment, but I get messages where the attachment is the essential element
of the message. I've tried filtering on every combination of from and
subject which helped, but still didn't catch messages that came through with
no from line and/or no subject. Even if I could filter all of the message,
it would not solve my problem. The volume of messages is exceeding my
allowance and, before I can filter anything, my important messages are being
bounced.

FYI, I've also added a new email address as well. The new one is lee dot
bell at ix dot netcom dot com instead of leebell at ix dot netcom dot com.
I'll start accessing both addresses in the morning.

Lee

On Tue, 23 Sep 2003 11:09:43 GMT, Chandler <joechandler@earthling.net>
wrote:


>> It is a shitty solution, but it beats having messages I'm supposed to be
>> receiving related to the Dive With Greg event bounce because my quota fills
>> in less than an an hour, sometimes much less. The higher level of security
>> blocks messages at the server, at least letting me retrive the ones I want
>> before I delete the rest.

>If you are on earthlink, you may find that the "suspect mail" goes into
>a folder that also uses up your quota.

Yes, and if you're using Yahoo Mail, with the virus sending about 50
spams to me every 15 minutes, it fills up my mailbox, bouncing other
messages back to sender. Plus, with Yahoo, there is no filter to
delete spam at server, so even if I use filters, it backs up in my
deleted file, which also fills my box.

Yahoo's solution: Buy the premium service with more space.
Not a bad business plan. (For Yahoo.)

Of course, if I thought enough people would fall for that, I'd be more
likely to buy their stock than their premium service. <grin>

-HW "Skip" Weldon
Columbia, SC