
footprints?

 
RB




(Msg. 1) Posted: Tue Sep 23, 2003 10:16 am
Post subject: footprints?
Archived from groups: alt>comp>virus

If a person has a virus-infected computer that is sending out email using
email addresses harvested from the address book, will it be detectable to
the owner/operator that this is happening? Or, do the little nasties do
their work invisibly so that the operator doesn't have a clue?

I would think there would be file copies of all the outgoing messages in the
"sent" folder.

Thore Schmechtig




(Msg. 2) Posted: Tue Sep 23, 2003 6:14 pm
Post subject: Re: footprints?

Hi,

> If a person has a virus-infected computer that is sending out email using
> email addresses harvested from the address book, will it be detectable to
> the owner/operator that this is happening? Or, do the little nasties do
> their work invisibly so that the operator doesn't have a clue?
> I would think there would be file copies of all the outgoing messages in the
> "sent" folder.

A number of modern critters have their own SMTP engine... they don't
need to use M$OE so you won't find anything in your "sent" folder.


--
Bye

Tocis (commoner AT carcosa DOT de)
Include HI-AK 523 in the subject or your email will be deleted!

RB




(Msg. 3) Posted: Tue Sep 23, 2003 6:14 pm
Post subject: Re: footprints?

Thanks for confirming. I was beginning to suspect that by the numbers of
pcs out there busily cranking out spam where operators don't seem to have
any idea their computer is doing something naughty.
Thore Schmechtig




(Msg. 4) Posted: Wed Sep 24, 2003 11:58 am
Post subject: Re: footprints?

Hi,

> Would a firewall (Sygate / ZA) give an indication that this SMTP engine is
> trying to access the internet? It is a program, isn't it?

A firewall may or may not show Swen activity. I admit that I don't use
windoze firewalls anymore (since all my windoze clients connect to the
internet via a Linux server that naturally is a firewall in and of
itself :) ). Remembering the last version of ZoneAlarm I used, I think
it should notice Swen activity and therefore notify you that something
bad is going on there... but I cannot guarantee that.

By the way, if you want to know whether you got Swen yourself then you
can check this much easier than using a firewall. Try to start regedit
(start menu / execute / type "regedit"). If it opens you're safe as
Swen blocks regedit and some other programs.


--
Bye

Tocis (commoner AT carcosa DOT de)
Include HI-AK 523 in the subject or your email will be deleted!
Thore Schmechtig




(Msg. 5) Posted: Wed Sep 24, 2003 1:22 pm
Post subject: Re: footprints?

Hi,

> Thanks kindly for your reply. I wanted a clearer understanding of what a
> STMP (just a format rule?) engine (program?) could do and whether my Sygate
> would kick in if I had been infected.

SMTP = Simple Mail Transfer Protocol. The internet protocol for
transferring emails. SMTP engine = program that processes emails from
one machine to another (very simple explanation).
So yes, an SMTP engine is executable code and basically can be caught
by a firewall that recognizes that there is an unknown program wanting
to access the internet. But there may well be ways to disguise these
attempts - Swen unfortunately has been written by a bastard with quite
some creativity when it comes to tormenting innocent users. :/

> don't believe I have the ones that can automatically execute (I'm fully
> patched - W98SE) but where would you look to see how they do that; in the
> headers? by viewing source?

If you have a fully patched system I think the Swen attachments won't
automatically execute when you open the mail itself. But I strongly
suggest you don't take the risk and instead follow the rules of Safer
Hex (Install and keep up-to-date security software - virus scanner and
firewall - and never ever open an attachment unless you absolutely
positively know that it's harmless). With M$OE, among other things,
this includes closing the preview pane because that's de facto the same
as opening the email itself.

> I see your day is half done, enjoy your lunch, and thanks again for your
> help.

No problem :)
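The replies above make two points: a mailer with its own SMTP engine leaves nothing in the "sent" folder, and it can still be noticed by something that watches which programs reach the internet. The following added example (not part of the original thread) applies that idea to a connection log; the log format, the process name `qzxvb.exe`, the addresses and both allowlists are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in a made-up format "<time> <process> -> <ip>:<port>";
# this is not the output of any real firewall product.
SAMPLE_LOG = """\
10:01:02 msimn.exe -> 192.0.2.10:25
10:01:05 iexplore.exe -> 198.51.100.7:80
10:02:11 qzxvb.exe -> 203.0.113.5:25
10:02:12 qzxvb.exe -> 203.0.113.77:25
10:02:14 qzxvb.exe -> 198.51.100.200:25
10:03:40 msimn.exe -> 192.0.2.10:25
malformed line without arrow
10:04:00 msimn.exe -> 192.0.2.10:110
"""

SMTP_PORT = 25
KNOWN_MAIL_CLIENTS = {"msimn.exe"}   # assumption: programs expected to send mail
CONFIGURED_RELAYS = {"192.0.2.10"}   # assumption: the ISP's outgoing mail server


def parse_line(line):
    """Return (process, dest_ip, dest_port), or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "->":
        return None
    host, sep, port = parts[3].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return parts[1].lower(), host, int(port)


def find_rogue_smtp(log_text):
    """Map process -> sorted SMTP destinations, for suspicious senders only."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == SMTP_PORT:
            dests[rec[0]].add(rec[1])
    findings = {}
    for proc, hosts in dests.items():
        unknown_program = proc not in KNOWN_MAIL_CLIENTS
        direct_delivery = bool(hosts - CONFIGURED_RELAYS)  # bypasses the relay
        if unknown_program or direct_delivery:
            findings[proc] = sorted(hosts)
    return findings


if __name__ == "__main__":
    for proc, hosts in find_rogue_smtp(SAMPLE_LOG).items():
        print(f"{proc}: SMTP to {len(hosts)} host(s): {', '.join(hosts)}")
```

A normal mail client talks only to its configured relay, so SMTP traffic from an unlisted program, or to many different servers, is the footprint to look for.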