New Spam with virus that fools SpamCop?

[btech]

I've received this spam 2 times [at] a hotmail address of mine. Attached to the email, which looks like a bounce, is the Netsky worm. When I tried to forward to my reporting link, SpamCop sees the email as a bounce, so it doesn't report the spam. But it CLEARLY is spam and a malicious one at that:

X-Message-Info: JGTYoYF78jFzK+cjWxSoXZxjeWUnBWjk

Received: from lamx03.mgw.rr.com ([66.75.160.11]) by mc8-f31.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824);

  Mon, 4 Oct 2004 20:54:58 -0700

Received: from localhost (localhost)

by lamx03.mgw.rr.com (8.12.10/8.12.8) id i94KbZuv023452;

Mon, 4 Oct 2004 23:54:57 -0400 (EDT)

Date: Mon, 4 Oct 2004 23:54:57 -0400 (EDT)

From: Mail Delivery Subsystem <MAILER-DAEMON[at]lamx03.mgw.rr.com>

Message-Id: <200410050354.i94KbZuv023452[at]lamx03.mgw.rr.com>

To: <btech[at]hotmail.com>

MIME-Version: 1.0

Content-Type: multipart/report; report-type=delivery-status;

boundary="i94KbZuv023452.1096948497/lamx03.mgw.rr.com"

Subject: Returned mail: see transcript for details

Auto-Submitted: auto-generated (failure)

Return-Path: <>

X-OriginalArrivalTime: 05 Oct 2004 03:54:58.0303 (UTC) FILETIME=[1506D0F0:01C4AA8F]

This is a MIME-encapsulated message

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com

The original message was received at Sat, 2 Oct 2004 21:36:26 -0400 (EDT)

from 69-172-235-249.vnnyca.adelphia.net [69.172.235.249]

----- The following addresses had permanent fatal errors -----

<tglaser[at]socal.rr.com>

    (reason: 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com)

----- Transcript of session follows -----

... while talking to ms-mta-02-fn.socal.rr.com.:

>>> DATA

<<< 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com

<tglaser[at]socal.rr.com>... Deferred: 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com

<<< 554 5.5.0 No recipients have been specified.

Message could not be delivered for 2 days

Message will be deleted from queue

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com

Content-Type: message/delivery-status

Reporting-MTA: dns; lamx03.mgw.rr.com

Arrival-Date: Sat, 2 Oct 2004 21:36:26 -0400 (EDT)

Final-Recipient: RFC822; tglaser[at]socal.rr.com

Action: failed

Status: 4.4.7

Remote-MTA: DNS; ms-mta-02-fn.socal.rr.com

Diagnostic-Code: SMTP; 452 4.2.1 Mailbox temporarily disabled: tglaser[at]socal.rr.com

Last-Attempt-Date: Mon, 4 Oct 2004 23:54:57 -0400 (EDT)

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com

Content-Type: text/rfc822-headers

Received: from socal.rr.com (69-172-235-249.vnnyca.adelphia.net [69.172.235.249])

by lamx03.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i931aQuI000751

for <tglaser[at]socal.rr.com>; Sat, 2 Oct 2004 21:36:26 -0400 (EDT)

Message-Id: <200410030136.i931aQuI000751[at]lamx03.mgw.rr.com>

From: **********[at]hotmail.com

To: tglaser[at]socal.rr.com

Subject: Notice again

Date: Sat, 2 Oct 2004 18:36:26 -0700

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0016----=_NextPart_000_0016"

X-Priority: 3

X-MSMail-Priority: Normal

X-Virus-Scanned: Symantec AntiVirus Scan Engine

X-Virus-Scan-Result: Repaired 36326 W32.Netsky.P[at]mm

--i94KbZuv023452.1096948497/lamx03.mgw.rr.com--

Anyone else seen this or know how to report it?

[StevenUnderwood]

It is against spamcop rules to report Virus related emails. You can use spamcop to determine the source (headers only) them manually report it to the ISP.

[btech]

It is against spamcop rules to report Virus related emails.  You can use spamcop to determine the source (headers only) them manually report it to the ISP.

18326[/snapback]

oh man... I didn't know that. sorry! I'll manually report it

[turetzsr]

oh man... I didn't know that.  sorry!  I'll manually report it 

18332[/snapback]

...You might want to have a look at SpamCop FAQ: SpamCop Parsing and Reporting Service: Rules.