monfis
Posted May 29, 2005

My mailbox is filled with mails that have a virus infected file attached every few minutes, since about a week. According to the header I am sending these messages to myself. Any suggestions to sort the real sender?

Return-Path: <hostmaster#owners-direct-rentals.com>
Received: from saturn.eroute.net (root[at]localhost)
    by owners-direct-rentals.com (8.12.10/8.12.10) with ESMTP id j4SNEb0W025121
    for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:37 +1200
X-ClientAddr: 82.154.231.170
Received: from owners-direct-rentals.com (bl5-231-170.dsl.telepac.pt [82.154.231.170])
    by saturn.eroute.net (8.12.10/8.12.10) with ESMTP id j4SNEW5m025059
    for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:33 +1200
Message-Id: <200505282314.j4SNEW5m025059[at]saturn.eroute.net>
From: hostmaster#owners-direct-rentals.com
To: adam#owners-direct-rentals.com
Subject: Your Email Account is Suspended For Security Reasons
Date: Sat, 28 May 2005 23:14:39 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0010_104F8686.528D3794"
X-Priority: 3
X-MSMail-Priority: Normal

EDIT: Munged email addresses to reduce munging.

StevenUnderwood
Posted May 29, 2005

> My mailbox is filled with mails that have a virus infected file attached every few minutes, since about a week. According to the header I am sending these messages to myself. Any suggestions to sort the real sender?
>
> Return-Path: <hostmaster[at]owners-direct-rentals.com>
> Received: from saturn.eroute.net (root[at]localhost)
>     by owners-direct-rentals.com (8.12.10/8.12.10) with ESMTP id j4SNEb0W025121
>     for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:37 +1200
> X-ClientAddr: 82.154.231.170
> Received: from owners-direct-rentals.com (bl5-231-170.dsl.telepac.pt [82.154.231.170])
>     by saturn.eroute.net (8.12.10/8.12.10) with ESMTP id j4SNEW5m025059
>     for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:33 +1200

No, according to the headers, this message came from (bl5-231-170.dsl.telepac.pt [82.154.231.170]). The To: and From: fields are easily forged.

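The reading of the Received: chain given in the reply above can be done mechanically. The following is an added example, not part of the original thread: it walks the posted headers from the newest hop down and reports the client that the recipient's own servers recorded. The function name `origin_hop` and the `TRUSTED` host set are assumptions made for illustration.

```python
import email
import re

# Headers from the post above, addresses left munged as posted.
RAW = """\
Return-Path: <hostmaster#owners-direct-rentals.com>
Received: from saturn.eroute.net (root[at]localhost)
 by owners-direct-rentals.com (8.12.10/8.12.10) with ESMTP id j4SNEb0W025121
 for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:37 +1200
X-ClientAddr: 82.154.231.170
Received: from owners-direct-rentals.com (bl5-231-170.dsl.telepac.pt [82.154.231.170])
 by saturn.eroute.net (8.12.10/8.12.10) with ESMTP id j4SNEW5m025059
 for <adam#owners-direct-rentals.com>; Sun, 29 May 2005 11:14:33 +1200
From: hostmaster#owners-direct-rentals.com
To: adam#owners-direct-rentals.com
Subject: Your Email Account is Suspended For Security Reasons

"""

# Assumption: these are the recipient's own mail hosts, so their stamps are trusted.
TRUSTED = {"owners-direct-rentals.com", "saturn.eroute.net"}

HOP = re.compile(r"from (\S+) \(([^)]*)\) by (\S+)")         # sendmail-style stamp
IPV4 = re.compile(r"(?:(\S+) )?\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # "rdns [ip]" or "[ip]"

def origin_hop(raw, trusted):
    """Return the outermost client recorded by a trusted server, or None."""
    found = None
    msg = email.message_from_string(raw)
    for value in msg.get_all("Received", []):      # newest hop first
        m = HOP.search(" ".join(value.split()))    # unfold continuation lines
        if not m or m.group(3).lower() not in trusted:
            break                                  # anything below may be forged
        helo, peer, by = m.groups()
        ip = IPV4.search(peer)
        if ip:                                     # hops without an IP are local handoffs
            rdns = ip.group(1)
            found = {"helo": helo, "rdns": rdns, "ip": ip.group(2), "by": by,
                     "helo_matches_rdns": rdns is not None and rdns.lower() == helo.lower()}
    return found

if __name__ == "__main__":
    print(origin_hop(RAW, TRUSTED))
```

The name after `from` is whatever the connecting client announced, while the name and address in parentheses were filled in by the receiving server, so a mismatch between the two is the sign that the announced domain was forged.
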
Jeff G.
Posted May 29, 2005

Per Symantec's Virus Encyclopedia, the system at bl5-231-170.dsl.telepac.pt [82.154.231.170] is probably infected with either W32.Mytob.CH[at]mm or one of four variants of W32.Mydoom[at]mm. The Parser recommends reporting to postmaster[at]mail.telepac.pt and abuse[at]mail.telepac.pt at this time based on a registration at abuse.net. It is probable that one of your correspondents in Portugal runs the infected system, so you may want to contact those correspondents, as well.

Archived
This topic is now archived and is closed to further replies.