Date: Tue, 23 Sep 2003 03:10:26 +0100
Reply-To: Real SAS User <sasuser@GUILDENSTERN.DYNDNS.ORG>
Sender: "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From: Real SAS User <sasuser@GUILDENSTERN.DYNDNS.ORG>
Subject: OT: (Swen) If your site is running a virus autoresponder,
Content-Type: text/plain; charset=us-ascii
I've received some 3200 Swen viruses on a personal account to date.
Reports from associates range from hundreds to tens or hundreds of
thousands. Estimates of infected hosts range from 200,000 to 1.5
million. I suspect higher.
The return address of the mail differs from the SoBig.F mail which
pulled sender from addresses on the infected host's system. Instead,
Swen generates a sender address from a list of strings. Most of these
resolve to Microsoft or undeliverable domains. About 5% resolve to
"ms.com". This isn't Microsoft, but Morgan Stanley Dean Whitter & Co.
If the amount of Swen mail flying around is what I suspect it is, there
are hundreds of millions, if not billions of messages sent, and millions
or tens of millions of these point back to Morgan Stanley. I'm sure the
technical team at Morgan Stanley has some choice words for every author,
vendor, and user of such systems right now.
If your organization's virus, spam, vacation, or email nondelivery
notification system replies to the "From:" header of the mail, you are
contributing to a massive denial-of-service attack on Morgan Stanley.
Note that you're also attacking Microsoft and Verisign, with
approximately 20--fold greater frequency. I consider this as excusable
as it is Microsoft's poor security design which has contriubted directly
to this problem, and Verisign has voluntarially eelcted to resolve and
accept mail for any nondeliverable domain in the .com and .net TLDs.
Both organizations have the power to stop such attacks by changing their
Morgan Stanley does not.
If any single incident can highlight the inherent harm in unvalidated
spam, virus, vacation, and mailserver response messages, this is it.
Please forward this message to your organization's IT department.
Of course, should Morgan Stanley seek remedy for damages inflicted by
your organization, they are fully justified in doing so.
Charming man. I wish I had a daughter so I could forbid her to marry one...