Greyware Automation Products, a small business, has been scrambling for the past week to keep itself alive as it's barraged by a denial-of-service attack launched by the Swen virus.

Greyware is getting 40 attempts per minute to deliver copies of the worm by e-mail. The worm makes up 51 percent of its total incoming e-mail traffic. The worm has been trying to contact the company's discussion servers 16 times every second; normal discussion server traffic is one attempted contact every minute. Those figures are current as of Friday afternoon.

Left unchecked, the activity would flood Greyware's Internet connection, take Greyware offline and put it out of business.

The online business has fended off the attacks by modifying the technique that it, like most e-mail services, uses to screen mail for spam and viruses. Instead of downloading each message in its entirety and then analyzing the contents, Greyware analyzes messages as they come in and, as soon as it determines a message is Swen-generated, the Greyware server breaks the connection. That saves bandwidth and e-mail storage, although it's processor-intensive.
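A sketch of the in-stream screening described above, as an added example that is not Greyware's code: it scans message data chunk by chunk and stops reading at the first signature hit, so the caller can drop the connection before the attachment is transferred. The signature strings, function names and sample message are constructed placeholders, not real Swen indicators.

```python
from typing import Iterable, Iterator, Tuple

# Placeholder byte patterns, constructed for this example; not real Swen indicators.
SIGNATURES = (b'filename="constructed-worm.exe"', b"X-Constructed-Worm-Marker:")

def scan_stream(chunks: Iterable[bytes], signatures=SIGNATURES) -> Tuple[bool, int]:
    """Consume chunks as they arrive; stop at the first signature hit.

    Returns (rejected, bytes_read). The caller drops the connection when
    rejected is True, so the rest of the message is never transferred.
    """
    keep = max(len(s) for s in signatures) - 1  # tail kept to catch split matches
    tail = b""
    bytes_read = 0
    for chunk in chunks:
        bytes_read += len(chunk)
        window = tail + chunk
        if any(sig in window for sig in signatures):
            return True, bytes_read
        tail = window[-keep:] if keep else b""
    return False, bytes_read

def as_chunks(message: bytes, size: int) -> Iterator[bytes]:
    """Simulate network reads of at most `size` bytes."""
    for i in range(0, len(message), size):
        yield message[i:i + size]

def build_sample(infected: bool) -> bytes:
    """Constructed sample message: headers, then a large base64-like body."""
    name = "constructed-worm.exe" if infected else "report.txt"
    head = (
        "From: sender@example.com\r\nSubject: sample\r\n"
        "Content-Type: multipart/mixed; boundary=\"b\"\r\n\r\n--b\r\n"
        f"Content-Disposition: attachment; filename=\"{name}\"\r\n\r\n"
    ).encode()
    return head + b"QUJD" * 25000 + b"\r\n--b--\r\n"  # ~100 KB of body

if __name__ == "__main__":
    for infected in (True, False):
        msg = build_sample(infected)
        rejected, used = scan_stream(as_chunks(msg, 64))
        print(f"infected={infected} rejected={rejected} read {used} of {len(msg)} bytes")
```

The rolling tail is what keeps a signature from slipping through when it is split across two network reads; the cost is that every chunk is searched for every signature, which is the processor load the article mentions.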

Swen is also mounting a second attack on Greyware, flooding its NNTP-based discussion servers with connections in attempts to harvest e-mail addresses. Greyware dealt with those attacks by changing the port number users use to access the server from Port 119 to Port 1119. Unfortunately, that made it impossible for some of its users to contact the discussion servers until they had been informed of the change and had reconfigured their client software to contact Greyware on the new port.

The link for this article located at Security Pipeline is no longer available.