Pinebear Posted October 4, 2006 Share Posted October 4, 2006 Beginning back on August 23 I began receiving emails purportedly from my ISP, not, which I will describe using the text I have been sending along to the abuse email address. The following is a pseudo-phishing attempt which would have installed the W32.Mytob.EA[at]mm worm. I had been receiving these once or twice a day since August 23 and my ISP, Canaantv, had been working to get this stopped. It appeared that they did, since I hadn't received one since Sept 5. Previously, all had come from the same IP, 184.108.40.206. They had again started up on 09-14-2006 and were all from Road Runner IPs. I received 11 from four different RR IPs, with the last being on 09-24-2006. They all have one of the following subjects which seem to rotate. * Members Support * Important Notification * You have successfully updated your password * Warning Message: Your services near to be closed * YOUR ACCOUNT IS SUSPENDED FOR SECURITY REASONS * Your Account is Suspended * Your password has been successfully updated * You have successfully updated your password * Your new account password is approved It appears whoever is sending these out has again jumped to a different ISP, this time BellSouth, which is now the third, and the fourth different BellSouth IP. It appears someone has it in for me. However, I don't see it as someone who is a casual user whose PC has been hijacked. That type of user wouldn't know it and probably would not have the smarts or inclination to jump across three different ISPs and almost two dozen different IPs in that short a period of time. My ISP, relatively small, has no reports of any similar activity against anyone else. The latest I reported to SC is 1951139853. Any ideas as to what I can do about this other than continuing to report? Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.