Re: [Declude.Virus] Swen not tagged as forging?

[Greg Little]

Yes, Swen forges. I don't send any auto-notice to sender or recipient on forging viruses. You don't know who the "real" sender is and it does nothing useful for the recipient to hear "an unknown PC Sent you a virus, but it was blocked by the server". For most of the Macro viruses (and some of the other non-forging) you do want both to get a notice. Greg Little This is from F-Secures site http://www.f-secure.com/v-descs/swen.shtml The attachment name, subject and part of the infected message is randomly composed from text strings hardcoded in the worm's body. The fake sender's address is selected from the following parts: MS Microsoft Corporation Program Internet Network Security Division Section Department Center Technical Public Customer Bulletin Services Assistance Support The domain name for these e-mails is selected from the following parts: news bulletin confidence advisor updates technet support newsletters The domain suffix for these e-mails is selected from the following parts: ms msn msdn microsoft followed by one of the following: .com .net John Tolmachoff (Lists) wrote: SWEN is not known to be forging. Every one that I have seen came from the sender that was indeed infected.   John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail scanned for viruses by Findlay Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.