f1

any one else getting these ???

Hi.
I'm afraid the message returned below could not be delivered to one or more destinations.



Undeliverable to ywkumhseyn@puremail.com


Message follows:





there never is a message !! What is it anyone know ?

Cheers.

Redkop

Yep can contain a virus...is someone who has virus, spoofing your address and receipients mailcheckers are detecing them and returning them to you. Do not open - just delete them immediately. To be on safeside - run AV and see if you do have a virus

f1

cheers for the prompt reply, have got McAfee, so will run AV just in case.

Got one from supposedly microsoft aswell !!!


Cheers again.

Boro

iTrader: (1)

That'll be the W32.Swen.A@mm virus

The worm can also impersonate mail delivery failure notices, attaching itself as a randomly named executable.

One example is:

I'm sorry I wasn't able to deliver your message to one or more destinations.

Visit http://securityresponse.symantec.com...swen.a@mm.html for more info.

Paul aka Boro

f1

yep AV has picked up ; exploit-mime.gen.c PROGRAM

deleted it 6 of 'em.

I thought my AV was running in the background and would pick these up straight away ?

Steve

JackClark

Save the attachment to disk or if you're feeling a bit silly open it and it will/should/could pick them up.

Jack Clark
McAfee

f1

sorry, think I've seen what is happening. The file says it has an attachment, but if I were to try and open it I couldn't because it is greyed out. Maybe I only had 'slight' infection then ?

Never had one before, find it quite intriging as to how I got it !!

oooops missed the 'g' out !!

[Edited by f1 - 9/22/2003 3:49:01 PM]

Nicks VR4

F1

AVERT has received serveral submissions of emails which are generically detected as Exploit-MIME.gen.c. On examination these files have been found to be emails sent by W32/Swen@MM , which attempts to use this exploit in some cases. These emails are normally detected as Exploit-MIME.gen.exe. However if the email has passed through an email based Anti-Virus scanner the attachment will have been removed resulting in an email that just contains the exploit code but no attachement, and this is triggering the Exploit-MIME.gen.c detection.

This generic detection covers email message files which exploit the Microsoft Incorrect MIME Header vulnerability. This vulnerability allows attached executable files to be run when a message is simply viewed. Several common viruses make use of this exploit, including W32/Badtrans@MM, W32/Nimda.gen@MM, and W32/Klez.gen@MM.

For more information on this exploit and a patch, visit http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-020.asp

JackClark

Thanks Nick.

f1

cheers Nick / Jack, most helpful.

Nicks VR4

no problem

f1

sorry, me again,

keep getting e-mails that have this virus, had to run AV again, how can I stop them getting through my e-mails. When I highlight them to try and delete them they start opening, I think that's how it's getting through ??

Sorry not very 'up' on these !!!


cheers again

steve

Nicks VR4

Have you enabled Email scan ?
Right Click your VirusScan sheild in your system tray and check it is enabled
Then click propeties on email it gives you various options what to do one is delete it

f1

I'm using Outlook Express, I've noticed in McAfee it only states Microsoft Outlook, could this be the prob ?

Nicks VR4

Bummer yeap your right
Well sort off

In the Properties area again, click on Download Scan button this gives you the same options delete etc