I whisper your name (ayradyss) wrote,

Random geek moment...

Mailbox is being besieged with virus-laden spam from addresses I do not recognise. Today, I got a second bounce stating that I had sent a virus-laden e-mail and would I please scan my system.
I do not have the MyDoom or Novarg viruses on my computer. I've full-scanned it three times to be certain, and I never open unknown attachments. My virus definitions are very much up to date. But the bounce today included full headers from the bounced message.
Full headers include the following:
Return-Path: The person to whom a bounce or reply should be sent.
Received: from The nominal domain and IP address of the sending server by The name and mail agent of the receiving server...

The bounce headers included the following:
Return-path: < vita(at)mistwalker.org >
Received: from [A.B.C.D] (helo=mistwalker.org) by zipper.fastforwardnetwork.com with esmtp (Exim 4.24)

Mistwalker.org's IP address is W.X.Y.Z, not A.B.C.D. I am certain of this; as certain as I am that whoever is taking 'helo mistwalker.org' as authentication is being misled.
A.B.C.D resolves to an IP address on the home.cgocable.net network. Interestingly enough, http://www.cgocable.net times out and does not resolve. Even more interestingly, the last two items of virus-laden spam e-mail I've gotten (the only two since I thought to check headers on them) originate from A.B.C.D.

So, if any of you out there have the vita e-mail address in your book and are using cgocable.net for your ISP, please check your computer. Please please please. There's a removal tool right here.
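
The header check done by hand above, as an added Python example that is not part of the original post: the bracketed address in `Received:` is what the receiving server recorded from the connection, while `helo=` is only what the sender claimed. The addresses are constructed documentation-range stand-ins for A.B.C.D and W.X.Y.Z, and `parse_received`, `check_helo` and `KNOWN_HOSTS` are names made up for this example.

```python
import ipaddress
import re

# Constructed stand-in for W.X.Y.Z, the address the domain really sends from.
KNOWN_HOSTS = {"mistwalker.org": {ipaddress.ip_address("192.0.2.10")}}

# Constructed header in the shape quoted in the post; 198.51.100.23 stands in for A.B.C.D.
FORGED = ("Received: from [198.51.100.23] (helo=mistwalker.org)\n"
          "\tby zipper.fastforwardnetwork.com with esmtp (Exim 4.24)")
GENUINE = FORGED.replace("198.51.100.23", "192.0.2.10")


def parse_received(value):
    """Extract peer IP, claimed HELO name and receiving host from one Received header."""
    flat = " ".join(value.split())                 # unfold continuation lines
    head, _, tail = flat.partition(" by ")
    ip_m = re.search(r"\[([0-9A-Fa-f.:]+)\]", head)  # address the receiver saw
    helo_m = re.search(r"helo=([^\s()]+)", head, re.IGNORECASE)  # sender's claim
    if not ip_m or not helo_m:
        return None
    try:
        ip = ipaddress.ip_address(ip_m.group(1))
    except ValueError:                             # bracketed text was not an address
        return None
    by = tail.split()[0].lower() if tail else None
    return {"ip": ip, "helo": helo_m.group(1).lower(), "by": by}


def check_helo(value, known_hosts):
    """Return 'match', 'forged-helo', 'unknown-domain' or 'unparsed' for one hop."""
    hop = parse_received(value)
    if hop is None:
        return "unparsed"
    expected = known_hosts.get(hop["helo"])
    if expected is None:                           # no record of this domain's servers
        return "unknown-domain"
    return "match" if hop["ip"] in expected else "forged-helo"


if __name__ == "__main__":
    for name, header in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, check_helo(header, KNOWN_HOSTS))
```

Only the `Received:` line written by a server you trust is reliable evidence; lines further down the message can be invented by the sender.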