?

Log in

No account? Create an account
Random geek moment... - Nobody wears a white coat any more...
...a tribute to becoming a doctor.
ayradyss
ayradyss
Random geek moment...
Mailbox is being beseiged with virus-laden spam from addresses I do not recognise. Today, I got a second bounce stating that I had sent a virus-laden e-mail and would I please scan my system.
I do not have the MyDoom or Novarg viruses on my computer. I've full-scanned it three times to be certain, and I never open unknown attachments. My virus definitions are very much up to date. But the bounce today included full headers from the bounced message.
Full headers include the following:
Return-Path: The person to whom a bounce or reply should be sent.
Received: from The nominal domain and IP address of the sending server by The name and mail agent of the receiving server...</i>

The bounce headers included the following:
Return-path: < vita(at)mistwalker.org >
Received: from [A.B.C.D] (helo=mistwalker.org) by zipper.fastforwardnetwork.com with esmtp (Exim 4.24)


Mistwalker.org's IP address is W.X.Y.Z, not A.B.C.D. I am certain of this; as certain as I am that whoever is taking 'helo mistwalker.org' as authentication is being misled.
A.B.C.D resolves to an IP address on the home.cgocable.net network. Interestingly enough, http://www.cgocable.net times out and does not resolve. Even more interestingly, the last two items of virus-laden spam e-mail I've gotten (the only two since I thought to check headers on them) originate from A.B.C.D.

So, if any of you out there have the vita e-mail address in your book and are using cgocable.net for your ISP, please check your computer. Please please please. There's a removal tool right here.

now feeling:: annoyed annoyed

6 whispers echo . o O ( ... ) O o . whisper a word
Comments
arazia From: arazia Date: January 30th, 2004 10:22 am (UTC) (etched in stone)
It's not me! ... funny thing though, I haven't gotten a single piece of virus laiden spam yet... I must not be that popular.
From: clypheous Date: January 30th, 2004 10:34 am (UTC) (etched in stone)

Re:

Yeah, I haven't gotten any viruses either. Considering how much spam I generally get I'm surprised. My guess is it's because I'm not in anyone's address book, the main way it gets around. Hopefully it will stay that way.
missysedai From: missysedai Date: January 30th, 2004 12:36 pm (UTC) (etched in stone)
TechTV noted last night that the reason a lot of people are getting bounce notices has to do with the way the worm spoofs addresses.

I've gotten a number of them too, even on addresses that are never used, and our domain is *so* locked down and filtered to hell and gone that even legitimate mail sometimes gets eaten.
ayradyss From: ayradyss Date: February 2nd, 2004 08:48 am (UTC) (etched in stone)

Re:

Bloody viruses.
fyrfitrmedic From: fyrfitrmedic Date: January 30th, 2004 01:38 pm (UTC) (etched in stone)
If you weren't set on being a doc you'd do well working an ISP's abuse desk :)

Speaking as a former 'abuse@' person...
ayradyss From: ayradyss Date: February 2nd, 2004 02:57 am (UTC) (etched in stone)

Re:

I was HelpDesk and microsupport in undergrad :)
6 whispers echo . o O ( ... ) O o . whisper a word