email from microsoft
Sherry
this morning. Are these viruses???
They are being sent to me constantley and I don't know
why. Any ideas??
X-Apparently-To: sjru...@prodigy.net via
web80214.mail.yahoo.com; Fri, 12 Dec 2003 11:20:47 -0800
Return-Path: <ferreira...@wanadoo.fr>
Received: from vma-ext.prodigy.net (207.115.63.86)
by mta829.mail.sc5.yahoo.com with SMTP; Fri, 12 Dec
2003 11:20:43 -0800
X-Header-Overseas: Mail.from.Overseas.source.193.252.22.29
X-Originating-IP: [193.252.22.29]
Received: from mwinf0204.wanadoo.fr (smtp2.wanadoo.fr
[193.252.22.29])
by vma-ext.prodigy.net (8.12.9/8.12.10) with
ESMTP id hBCJKfgT820838
for <sjru...@prodigy.net>; Fri, 12 Dec 2003
14:20:41 -0500
Received: from hjsdilv (AReims-105-1-25-120.w81-
53.abo.wanadoo.fr [81.53.44.120])
by mwinf0204.wanadoo.fr (SMTP Server) with SMTP
id 8E31BA00005A; Fri, 12 Dec 2003 20:20:31 +0100
(CET)
From: "Mail System" <emails...@microsoft.com>
To: "internet user" <>
X-Apparently-To: sjru...@prodigy.net via
web80206.mail.yahoo.com; Fri, 12 Dec 2003 11:46:01 -0800
X-YahooFilteredBulk: 211.6.83.51
Return-Path: <akis...@wonder.ocn.ne.jp>
Received: from vmc-ext.prodigy.net (207.115.63.88)
by mta807.mail.yahoo.com with SMTP; Fri, 12 Dec 2003
11:46:00 -0800
X-Header-Overseas: Mail.from.Overseas.source.211.6.83.51
X-Originating-IP: [211.6.83.51]
Received: from smtp.wonder.ocn.ne.jp (wonder.ocn.ne.jp
[211.6.83.51])
by vmc-ext.prodigy.net (8.12.10/8.12.10) with
ESMTP id hBCJjuDc100478
for <sjru...@prodigy.net>; Fri, 12 Dec 2003
14:45:56 -0500
Received: from pfzzdpp (p2145-ip01akita.akita.ocn.ne.jp
[61.207.130.145])
by smtp.wonder.ocn.ne.jp (Postfix) with SMTP
id 337BE2D29; Sat, 13 Dec 2003 04:45:35 +0900
(JST)
From: "Network Delivery System" <>
To: "Inet Client" <>
SUBJECT: Bug Message
X-Apparently-To: sjru...@prodigy.net via
web80215.mail.yahoo.com; Fri, 12 Dec 2003 10:55:05 -0800
Return-Path: <ferreira...@wanadoo.fr>
Received: from vmc-ext.prodigy.net (207.115.63.88)
by mta829.mail.sc5.yahoo.com with SMTP; Fri, 12 Dec
2003 10:55:04 -0800
X-Header-Overseas: Mail.from.Overseas.source.193.252.22.29
X-Originating-IP: [193.252.22.29]
Received: from mwinf0201.wanadoo.fr (smtp2.wanadoo.fr
[193.252.22.29])
by vmc-ext.prodigy.net (8.12.10/8.12.10) with
ESMTP id hBCIt0Dc866168
for <sjru...@prodigy.net>; Fri, 12 Dec 2003
13:55:01 -0500
Received: from nehflwj (AReims-105-1-25-120.w81-
53.abo.wanadoo.fr [81.53.44.120])
by mwinf0201.wanadoo.fr (SMTP Server) with SMTP
id EED1E3000446; Fri, 12 Dec 2003 19:54:49 +0100
(CET)
From: "Microsoft Customer Bulletin"
<nqu...@confidence.ms.com>
To: "Commercial Consumer" <dlsvyff-
wysn...@confidence.ms.com>
SUBJECT:
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="utviqdjrhuytfa"
Message-Id:
<2003121218544...@mwinf0201.wanadoo.fr>
Date: Fri, 12 Dec 2003 19:54:49 +0100 (CET)
X-Apparently-To: sjru...@prodigy.net via
web80204.mail.yahoo.com; Fri, 12 Dec 2003 03:58:39 -0800
X-YahooFilteredBulk: 193.95.17.173
Return-Path: <amira....@instm.rnrt.tn>
Received: from vme-ext.prodigy.net (207.115.63.91)
by mta828.mail.sc5.yahoo.com with SMTP; Fri, 12 Dec
2003 03:58:37 -0800
X-Header-Overseas: Mail.from.Overseas.source.193.95.17.173
X-Originating-IP: [193.95.17.173]
Received: from rissala173.outgw.tn (rissala173.outgw.tn
[193.95.17.173])
by vme-ext.prodigy.net (8.12.10/8.12.10) with
ESMTP id hBCBwSnO039198
for <sjru...@prodigy.net>; Fri, 12 Dec 2003
06:58:29 -0500
Received: from tounes-22.ati.tn (tounes-22.ati.tn
[193.95.66.22])
by rissala164.ingw.tn (8.12.9/8.12.9) with ESMTP
id hBCDwmCT006876;
Fri, 12 Dec 2003 12:58:48 -0100 (GMT)
Received: from mail.pubfsi.tn ([193.95.67.126])
by tounes-22.ati.tn (8.12.8/8.12.8) with ESMTP id
hBCAw6mq005394;
Fri, 12 Dec 2003 12:58:06 +0200 (EET)
Received: from sizzka ([193.95.11.170]) by mail.pubfsi.tn
(8.8.8/8.6.9) with SMTP id LAA27529; Fri, 12 Dec 2003
11:45:27 +0100
Date: Fri, 12 Dec 2003 11:45:27 +0100
Message-Id: 2003121210...@mail.pubfsi.tn
X-Apparently-To: sjru...@prodigy.net via
web80215.mail.yahoo.com; Fri, 12 Dec 2003 04:05:55 -0800
X-YahooFilteredBulk: 193.95.17.173
Return-Path: <amira....@instm.rnrt.tn>
Received: from vme-ext.prodigy.net (207.115.63.91)
by mta808.mail.yahoo.com with SMTP; Fri, 12 Dec 2003
04:05:54 -0800
X-Header-Overseas: Mail.from.Overseas.source.193.95.17.173
X-Originating-IP: [193.95.17.173]
Received: from rissala173.outgw.tn (rissala173.outgw.tn
[193.95.17.173])
by vme-ext.prodigy.net (8.12.10/8.12.10) with
ESMTP id hBCC5pnO642510
for <sjru...@prodigy.net>; Fri, 12 Dec 2003
07:05:51 -0500
Received: from tounes-22.ati.tn (tounes-22.ati.tn
[193.95.66.22])
by rissala164.ingw.tn (8.12.9/8.12.9) with ESMTP
id hBCE6ACT009423;
Fri, 12 Dec 2003 13:06:10 -0100 (GMT)
Received: from mail.pubfsi.tn ([193.95.67.126])
by tounes-22.ati.tn (8.12.8/8.12.8) with ESMTP id
hBCB5Pms008019;
Fri, 12 Dec 2003 13:05:31 +0200 (EET)
Received: from qftu ([193.95.11.170]) by mail.pubfsi.tn
(8.8.8/8.6.9) with SMTP id LAA28052; Fri, 12 Dec 2003
11:53:07 +0100
Date: Fri, 12 Dec 2003 11:53:07 +0100
Message-Id: <2003121210...@mail.pubfsi.tn>
FROM: "ms inet message delivery service" <>
TO: "Inet Client" <reci...@yourserver.net>
SUBJECT: Mail: User unknown
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="vaqiqke"
--vaqiqke
Content-Type: text/html
Bruce Chambers
What you received is either a very common, malicious hoax or the
output of a computer infected by one of several widely publicized,
wide-spread, mass emailing worms. This sort of email has been quite
common for at least the past 8 months. The most widely-known are:
W32.Swen.A_mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.s...@mm.html
W32.Dumaru_mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.d...@mm.html
W32.Gibe_mm
http://securityresponse.symantec.com/avcenter/venc/data/w32....@mm.html
Microsoft never has, does not currently, and very probably never
will email unsolicited security patches. At the most, if, and only
if, you subscribe to their security notification newsletter, they will
send you an email informing you that a new patch is available for
downloading.
Microsoft Policies on Software Distribution
http://www.microsoft.com/technet/treeview/?url=/technet/security/policy/swdist.asp
Information on Bogus Microsoft Security Bulletin Emails
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/patch_hoax.asp
How to Tell If a Microsoft Security-Related Message Is Genuine
http://www.microsoft.com/security/antivirus/authenticate_mail.asp
Any and all legitimate patches and updates are readily available
at http://windowsupdate.microsoft.com/. (Notice that this is the true
URL, rather than the bogus one that may have been contained in the
email you received.) Any messages that point to any other source(s) or
claim to have the patch attached are bogus.
You're receiving these emails because your email address is in
the address book of someone infected with a worm, and/or because you
posted your real email address somewhere on-line, either in a forum
accessible to the public and spambots, such as Usenet, or on an
untrustworthy web site that subsequently sold your address as part of
a mailing list. One thing you can do is notify _everyone_ with whom
you've ever corresponded via email that one or more of them may be
infected with a mass emailing worm, and should take the appropriate
steps.
Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
"Sherry" <anon...@discussions.microsoft.com> wrote in message
news:01fd01c3c0f1$34a51030$a401...@phx.gbl...
Veronica Loell
> below is the message source from 5 email I receive just
> this morning. Are these viruses???
> They are being sent to me constantley and I don't know
> why. Any ideas??
It is probably the SWEN-worm. Do a search for swen in this newsgroup and
you should be able to get plenty of information. Throw in "phil weldon"
in the search as well and you should be able to find his extensive
summary of what the worm does.
http://groups.google.com/groups?group=microsoft.public.security.virus
anon...@discussions.microsoft.com
I sure wish I had read the code of conduct for using the
newsgroup, because I did post my real email at one time.
Oh well!!
Thanks for your help and response.
I really like the "You can have peace. Or you can have
freedom. Don't ever count on having both at once. -- RAH"
What does the RAH repesent?
Have safe and happy holidays
Sherry
>.
>
Sarah
>-----Original Message-----
>Thank You Bruce
>
>I sure wish I had read the code of conduct for using the
>newsgroup, because I did post my real email at one time.
>Oh well!!
>Thanks for your help and response.
>
>I really like the "You can have peace. Or you can have
>freedom. Don't ever count on having both at once. -- RAH"
>What does the RAH repesent?
>
>Have safe and happy holidays
>
>Sherry
Not sure if you wanted to wait and have Bruce respond-
if you just wanted the info, its from Robert Heinlein,
"Time Enough For Love"
Sherry
Sherry
>
Bruce Chambers
You're welcome. Disguising one's email address isn't really part
of any "code of conduct," though. It's more in the nature of a
general precaution.
RAH = Robert A. Heinlein, my favorite author.
Bruce Chambers
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
<anon...@discussions.microsoft.com> wrote in message
news:08db01c3c0fc$4f41f4c0$a001...@phx.gbl...
David H. Lipman
common are; Swen, Dumaru, Gibe and Torvil. All AV companies and Microsoft are fully aware
of the is problem.
Please read the post entitled:
** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.12.12
All you can do is...
1. Keep your AV package up-to-date
2. Create email "rules" to auto-delete the offending messages
3. Petition your ISP to install AV software on their respective email servers.
4. Install *all* Critical Updates via the Windows Update web site.
5. If all else fails, Change your email address.
Dave
"Sherry" <anon...@discussions.microsoft.com> wrote in message
news:01fd01c3c0f1$34a51030$a401...@phx.gbl...
Patrick Casher
download the worm in the first place. This can be done in Outlook Express
by setting up the message rules as follows:
Click Tools, Message Rules, Mail.
Select New
1. Condition, Check box "Where to line contains people"
2. Action, Check box "Stop processing more rules"
3. Description, Click on underlined "contains people" then type in your
email address, Then Add, and OK.
(Select new rule # 2)
Click New
1. Condition, Check box "For all messages"
2. Action, Check box "Delete from server"
Click ok, apply now, apply now, ok ,close, ok.
This will cause the mail reader only to accept mail addressed directly to
you and delete all others from the server.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23dkA$qQwDH...@TK2MSFTNGP09.phx.gbl...
Patrick Casher
The one thing that helped me the most was never to allow the mail reader to
download the worm in the first place. This can be done in Outlook Express
by setting up the message rules as follows:
Click Tools, Message Rules, Mail.
Select New
1. Condition, Check box "Where to or CC line contains people"
2. Action, Check box "Stop processing more rules"
3. Description, Click on underlined "contains people" then type in your
email address, Then Add, and OK.
(Select new rule # 2)
Click New
1. Condition, Check box "For all messages"
2. Action, Check box "Delete from server"
Click ok, apply now, apply now, ok ,close, ok.
This will cause the mail reader only to accept mail addressed directly to
you and delete all others from the server.
The following info also came from Paul[MSFT]
Some people may want to occasionally review deleted messages to verify that
nothing legit is being filtered out. If this interests you, you could
modify the second step in Rule 2 to "Delete It" or "Move to Folder" rather
than deleting it from the server. Then you could occasionally scan the
messages in the deleted items folder or other folder for legit email.
Patrick
"Patrick Casher" <cas...@qwickconnect.net> wrote in message
news:brdo8b$29l19$1...@ID-208448.news.uni-berlin.de...