I do not have the MyDoom or Novarg viruses on my computer. I've full-scanned it three times to be certain, and I never open unknown attachments. My virus definitions are very much up to date. But the bounce today included full headers from the bounced message.
Full headers include the following:
Return-Path: The person to whom a bounce or reply should be sent.
Received: from The nominal domain and IP address of the sending server by The name and mail agent of the receiving server...
The bounce headers included the following:
Return-path: < vita(at)mistwalker.org >
Received: from [A.B.C.D] (helo=mistwalker.org) by zipper.fastforwardnetwork.com with esmtp (Exim 4.24)
Mistwalker.org's IP address is W.X.Y.Z, not A.B.C.D. I am certain of this; as certain as I am that whoever is taking 'helo mistwalker.org' as authentication is being misled.
A.B.C.D resolves to an IP address on the home.cgocable.net network. Interestingly enough, http://www.cgocable.net times out and does not resolve. Even more interestingly, the last two items of virus-laden spam e-mail I've gotten (the only two since I thought to check headers on them) originate from A.B.C.D.
So, if any of you out there have the vita e-mail address in your book and are using cgocable.net for your ISP, please check your computer. Please please please. There's a removal tool right here.
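The header check described above, as an added example that is not part of the original post: it parses an Exim-style Received line and compares the connecting IP with the addresses known for the name given in HELO. The sample message, the documentation-range IPs standing in for A.B.C.D and W.X.Y.Z, and the names `KNOWN_SENDERS`, `parse_received` and `check_top_hop` are constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample shaped like the bounce headers quoted above.
# 192.0.2.10 stands in for A.B.C.D; the lower hop is invented.
SAMPLE_BOUNCE = """\
Return-path: <vita(at)mistwalker.org>
Received: from [192.0.2.10] (helo=mistwalker.org)
\tby zipper.fastforwardnetwork.com with esmtp (Exim 4.24)
Received: from pc.example ([203.0.113.5] helo=pc.example)
\tby relay.example with smtp
Subject: test

body
"""

# Assumption: addresses the domain's real mail server sends from
# (198.51.100.7 stands in for W.X.Y.Z), e.g. taken from its DNS records.
KNOWN_SENDERS = {"mistwalker.org": {"198.51.100.7"}}

PEER_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")   # Exim brackets the peer IP
HELO = re.compile(r"\bhelo=([^\s()]+)")          # name the client claimed


def parse_received(value):
    """Return (peer_ip, helo_name) from one Received header value."""
    flat = " ".join(value.split())               # undo header folding
    head = flat.split(" by ", 1)[0]              # keep the sender part only
    ip, helo = PEER_IP.search(head), HELO.search(head)
    try:
        peer = str(ip_address(ip.group(1)))
    except (AttributeError, ValueError):         # absent or malformed IP
        peer = None
    return peer, helo.group(1).lower() if helo else None


def check_top_hop(raw_message, known=KNOWN_SENDERS):
    """Judge the HELO claim in the newest (topmost) Received header."""
    # Only the top line was written by the accepting server; older
    # Received lines travel with the message and can be forged.
    hops = message_from_string(raw_message).get_all("Received", [])
    if not hops:
        return "no-received-header"
    peer, helo = parse_received(hops[0])
    if peer is None or helo is None:
        return "unparsed"
    if helo not in known:
        return "unknown-domain"
    return "match" if peer in known[helo] else "helo-mismatch"
```

A "helo-mismatch" result means the connecting machine only claimed the name; the bracketed IP is what the receiving server actually observed.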