
source of evil


shmengie


I received this email (around 2005-02-01 (Feb. 1st)) and reported 217.148.2.204 to message[at]shlink.ch

After reporting the spam, I've received virus in the mail from 217.148.7.200

To date 17 emails containing a virus.

That seems a little too coincidental to me.

Reporting to message[at]shlink.ch seems to be a waste of time. How else might I follow up on this?

From - Mon Jan 31 23:46:23 2005
Return-Path: <jzxjnmutuebfkw[at]webmail.co.yu>
Received: from CPQ15484134982 (range20-204.shlink.ch [217.148.2.204])
    by zeus.[protected] (8.11.2/8.11.2) with SMTP id j114dt411044
    for <joe[at][protected]>; Mon, 31 Jan 2005 23:39:55 -0500
Received: from inverse.rockbridge.net ([65.118.241.21])
    by alden.passagen.se (Sun Java System Messaging Server 6.1 HotFix 0.02 (built Aug 27 2004)) with ESMTP id <0B9H00JI640LN75[at]alden.passagen.se> for
    joe[at][protected] (ORCPT joe[at][protected]); Mon, 31 Jan 2005 22:32:52 -0600 (IST)
Received: from payday
    (bayonne.rockbridge.net ([202.108.86.72])
    by inverse.rockbridge.net (MOS 3.5.5-GR) with ESMTP id DET50635 (AUTH evasive) ; Tue, 01 Feb 2005 03:30:52 -0100 (IST)
Date: Mon, 31 Jan 2005 21:37:52 -0700
From: "Rudolph Gill" <jzxjnmutuebfkw[at]webmail.co.yu>
To: <joe[at][protected]>
Subject: Accumu|ate at these |evels with breakOut |OOming
Message-ID: <677234736229.AHW81955[at]childhood.passagen.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7Bit
X-UIDL: Vi<"!)N,!!bnP!!cc_"!

Penny Stock Flyer's |ast choice on Jan 21 was VTYC at .06 with an

immediate target of .22, it hit .27 in 4 days.

Next Immediate Penny Stock Flyer:

American IDC Corp. OTC: ACNI

Price: .04 - Near 52-week Low, Load-up Ear|y

Projected to Trip|e in 7 Days

....


> I received this email (around 2005-02-01 (Feb. 1st)) and reported 217.148.2.204 to message[at]shlink.ch

It looks like this one was an open relay that was spewing spam all over the place. It appears to have been shut down recently, maybe due to your report. Well done!

Volume Statistics for this IP

               Magnitude   Vol Change vs. Average
Last day       0.0         -100%
Last 30 days   3.3         840%
Average        2.4

> After reporting the spam, I've received virus in the mail from 217.148.7.200
>
> To date 17 emails containing a virus.

This one is an infected machine that is currently sending viruses all over the place. You are definitely not the only one getting viruses from them.

Volume Statistics for this IP

               Magnitude   Vol Change vs. Average
Last day       3.0         486%
Last 30 days   2.8         382%
Average        2.1

> Reporting to message[at]shlink.ch seems to be a waste of time.

It looks like they shut down the first one you reported. So maybe it is working. Does anybody know this Swiss ISP (MTF Schaffhausen AG) and can tell us how responsive they are?

> How else might I follow up on this?

As mentioned before, get a good firewall, virus scanner, and spam filter. And don't worry too much.

> After reporting the spam, I've received virus in the mail from 217.148.7.200
>
> To date 17 emails containing a virus.

Sounding increasingly like it is coincidental in light of OP's findings. The thing is, if it is an "unconscious" attack after all, it should stop anyway when the infected machine's owner finally gets the message, whether from you or (more likely) a closer contact. And it isn't uncommon these days for ISPs *not* to reply - doesn't mean they haven't taken action. Some perception of liability, perhaps.

Haven't located an abuse address for the MTF Schaffhausen AG group, but if you want to persevere maybe try contact with their general address - schaffhausen[at]mtf.ch - in the first instance. I may be misreading the listings but they seem, in turn, to be under a top level provider MCI EMEA (MCI Group). Or, getting back to Shlink you could try their on-line contact form http://www.shlink.ch/kontakt/kontakt_formular.asp (different staff, maybe different response). Presumably your German is not as schrecklich as is mine (notice how "Hande hochst" doesn't seem to get you very far these days?)

At the end of the day, I think the OP has given excellent advice.
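
An added example, not part of the original thread: a Python sketch that reads the Received chain from the first post, picks out the one peer IP the recipient's own server recorded (the address that was reported), and flags where the older, sender-supplied headers stop linking up. `MY_MTA` and the helper names are assumptions, and the chain check is a heuristic, since HELO names and reverse-DNS names often differ on legitimate mail too.

```python
import re
from email import message_from_string

# Received headers from the first post, abridged, with folded lines rejoined.
# "[protected]" is the forum's own redaction of the poster's domain.
RAW = """\
Received: from CPQ15484134982 (range20-204.shlink.ch [217.148.2.204])
\tby zeus.[protected] (8.11.2/8.11.2) with SMTP id j114dt411044
Received: from inverse.rockbridge.net ([65.118.241.21])
\tby alden.passagen.se (Sun Java System Messaging Server 6.1) with ESMTP
Received: from payday (bayonne.rockbridge.net ([202.108.86.72])
\tby inverse.rockbridge.net (MOS 3.5.5-GR) with ESMTP id DET50635
Subject: constructed stub so the block parses as a message

body
"""
MY_MTA = "zeus.[protected]"  # assumption: the recipient's own mail server

IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOST = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}")

def parse_hop(value):
    """Split one Received value into claimed sender names, peer IP, stamping host."""
    text = " ".join(value.split()).lower()
    frm, _, rest = text.partition(" by ")
    ip = IP.search(frm)
    names = set(HOST.findall(frm)) | set(frm.split()[1:2])  # rDNS names + HELO
    return {"from": names, "ip": ip.group(1) if ip else None,
            "by": rest.split()[0] if rest else None}

def analyse(raw, my_mta):
    hops = [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]
    # The newest header stamped by our own server records the peer it really saw.
    edge = next((i for i, h in enumerate(hops) if h["by"] == my_mta.lower()), None)
    if edge is None:
        return None  # nothing on this message was stamped by a host we trust
    # Heuristic: a hop's stamping host should be the sender named one header up.
    breaks = [i + 1 for i in range(edge, len(hops) - 1)
              if hops[i + 1]["by"] not in hops[i]["from"]]
    return {"report_ip": hops[edge]["ip"],
            "unverified_ips": [h["ip"] for h in hops[edge + 1:]],
            "chain_breaks": breaks}

if __name__ == "__main__":
    print(analyse(RAW, MY_MTA))
```

On these headers the chain breaks at the second Received line: it claims to be stamped by alden.passagen.se, but the host that actually connected to zeus was range20-204.shlink.ch, so the two lower hops are unverified and only 217.148.2.204 is worth reporting.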
