PING : Austin - re potential Virus lurking.

Mailwasher has just hit an undelivered email thingy.. now I get shit loads of these and normally ignore and delete but managed to spot the email address as yours. When I investigated further (looked) Mailwasher is showing it as a virus. I've not sent owt to this address and you're not in my address book with this email address so thought it worthy of a mention so you can check your system. I know that some are bogus ones but the email address etc etc leaves it too close for comfort to ignore.

Other group members may want to do a scan and update as necessary... which one should do regularly anyway but such is life.

Lee D

Reply to
Lee_D

I'm presuming that a lot of the email borne virii spread by plucking email addresses out of your address book, and sending themselves on while pretending to be other people from your address book.

In which case it's not unreasonable that there is someone else here with both yours and Austin's email addresses in their address books..

Reply to
Tom Woods

^^^^^^^^^^ This is (sadly) correct. The virus will send itself out, but pick a random address to pretend to be 'from'.

Prolly lots of us - but checking the originating IP gives a clue. You'll very rarely be able to identify the source, but you can narrow it down a bit...

Reply to
Mother

I suspected that it may be summat like that. It's sat on the Server still at the mo (Mailwasher just lets me know its there for those not in the know).

I've viewed the source and it gives.... (email addresses have been edited to avoid influx of spam)

Return-Path: snipped-for-privacy@removed.to.avoid.spam.co.uk
Received: from ntlworld.com ([81.208.106.70]) by mta06-svc.ntlworld.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id for snipped-for-privacy@myserver.blah.co.uk; Wed, 28 Apr 2004 15:29:15 +0100
From: snipped-for-privacy@removed.to.avoid.spam.co.uk
To: snipped-for-privacy@myserver.blah.co.uk
Subject: Mail Delivery (failure snipped-for-privacy@myserver.blah.co.uk)
Date: Wed, 28 Apr 2004 16:29:17 +0200
MIME-Version: 1.0
Content-Type: multipart/related;

Is it possible to identify the source from that to try and at least let them know?

I've done a whois and get

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: Singel 258
Address: 1016 AB
City: Amsterdam
StateProv:
PostalCode:
Country: NL

ReferralServer: whois://whois.ripe.net

NetRange: 81.0.0.0 - 81.255.255.255
CIDR: 81.0.0.0/8
NetName: 81-RIPE
NetHandle: NET-81-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH62.NS.UU.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at
Updated: 2004-03-16

OrgTechHandle: RIPE-NCC-ARIN
OrgTechName: RIPE NCC Hostmaster
OrgTechPhone: +31 20 535 4444
OrgTechEmail: snipped-for-privacy@ripe.net

# ARIN WHOIS database, last updated 2004-04-27 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

On probing their own whois I get.........

% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See

inetnum: 81.208.106.64 - 81.208.106.79
netname: FASTWEB-RESIDENTIAL-08
descr: Infrastructure for Fastweb's main location
descr: NAT IP addresses for residential customer, public subnet
country: IT
admin-c: IRS2-RIPE
tech-c: IRS2-RIPE
status: ASSIGNED PA
mnt-by: FASTWEB-MNT
changed: snipped-for-privacy@fastweb.it 20040224
remarks: In case of improper use originating from our network,
remarks: please mail customer or snipped-for-privacy@fastweb.it
remarks: INFRA-AW
source: RIPE

route: 81.208.64.0/18
descr: Fastweb Networks block
origin: AS12874
remarks: 4th block released to it.fastweb local registry.
mnt-by: FASTWEB-MNT
changed: snipped-for-privacy@fastweb.it 20021004
remarks: In case of improper use originating from our network,
remarks: please mail customer or snipped-for-privacy@fastweb.it
source: RIPE

person: IP Registration Service
address: Via Caracciolo, 51
address: 20155 Milano MI
address: Italy
phone: +39 02 45451
fax-no: +39 02 45451
e-mail: snipped-for-privacy@fastweb.it
nic-hdl: IRS2-RIPE
remarks:
remarks: In case of improper use originating from our network,
remarks: please mail customer or snipped-for-privacy@fastweb.it
remarks:
notify: snipped-for-privacy@fastweb.it
changed: snipped-for-privacy@fastweb.it 20011218
source: RIPE

I've emailed the abuse address accepting the sender may be an innocent victim or a rather more sinister person. I'm sure they will have the technology to work that out for themselves.

Certainly doesn't look like Austin is the origin so eyes up folks!!

Lee D

Reply to
Lee_D

I've three others sat there now from addresses I don't recognise... oh to be popular..

All three are 41.7 kb which may be worth bearing in mind for others on the lookout for this what ever it is.

Lee D

Reply to
Lee_D

I was involved in a massive denial of service attack a couple of years back. NTLworld really don't give a toss about abuse, they're unlikely to respond. A huge amount of spam originates in the Netherlands and the gov't has refused to sign up to the EC anti-spam agreement. Until all ISPs agree to block traffic from known problem sites, or where the 'From' tag does not match the originator, the problem is unavoidable.

Alan Brown

Reply to
Alan Brown
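The header walk Lee does above (find the originating IP, then whois it) and the 'From' versus originator mismatch Alan mentions, as an added example. This is not code from the thread, from Mailwasher or from any ISP; it is a small script that parses the Received chain for the originating IP, checks the HELO name against the MTA that actually stamped the line, checks the From domain against the originator, flags a "delivery failure" mail that is not shaped like a real bounce, and checks the IP against the RIPE inetnum Lee pasted. It runs offline. The sample headers are the ones posted (addresses as redacted there); the ESMTP id value and the MIME boundary were not on the page and are placeholders.

```python
"""Added example, not code from the thread or from Mailwasher: walk the
Received chain to the originating IP, then apply the checks discussed
above (HELO name vs. who actually delivered it, From domain vs. the
originator, bounce lookalike, IP vs. the quoted RIPE inetnum).  Offline.
Headers are the ones posted, addresses as redacted there; the ESMTP id
and MIME boundary were not on the page and are placeholders."""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

SAMPLE_MESSAGE = (
    "Return-Path: snipped-for-privacy@removed.to.avoid.spam.co.uk\n"
    "Received: from ntlworld.com ([81.208.106.70]) by mta06-svc.ntlworld.com"
    " (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id PLACEHOLDER"
    " for snipped-for-privacy@myserver.blah.co.uk; Wed, 28 Apr 2004 15:29:15 +0100\n"
    "From: snipped-for-privacy@removed.to.avoid.spam.co.uk\n"
    "To: snipped-for-privacy@myserver.blah.co.uk\n"
    "Subject: Mail Delivery (failure snipped-for-privacy@myserver.blah.co.uk)\n"
    "Date: Wed, 28 Apr 2004 16:29:17 +0200\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/related; boundary="placeholder"\n\n'
)
# inetnum / netname / country from the RIPE record quoted in the thread.
RIPE_INETNUM = ("81.208.106.64", "81.208.106.79", "FASTWEB-RESIDENTIAL-08", "IT")

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"          # name the sender announced in HELO/EHLO (unverified)
    r"(?:\s+\((?P<paren>[^)]*)\))?"  # what the MTA saw: "(rdns [ip])" or "([ip])"
    r".*?\bby\s+(?P<by>\S+)",        # the MTA that stamped this line
    re.S)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_received(msg):
    """Hops, origin first: MTAs prepend Received lines, so the bottom one
    in the header block is the hop nearest the sender."""
    hops = []
    for line in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(line)
        if not m:
            continue
        ipm = IPV4_RE.search(m.group("paren") or "")
        stamp = line.rsplit(";", 1)[1].strip() if ";" in line else None
        hops.append({"helo": m.group("helo").lower(), "by": m.group("by").lower(),
                     "ip": ipaddress.ip_address(ipm.group(0)) if ipm else None,
                     "stamped": parsedate_to_datetime(stamp) if stamp else None})
    return hops


def origin_ip(hops):
    """First hop with a public IP literal: HELO is self-asserted, the
    bracketed address is the peer the receiving MTA really talked to."""
    for hop in hops:
        if hop["ip"] is not None and hop["ip"].is_global:
            return hop["ip"]
    return None


def in_inetnum(ip, first, last):
    """True if ip lies in the whois inetnum range first-last (inclusive)."""
    return ipaddress.ip_address(first) <= ipaddress.ip_address(str(ip)) <= ipaddress.ip_address(last)


def analyse(raw):
    msg = message_from_string(raw)
    hops = parse_received(msg)
    origin = hops[0] if hops else None
    ip = origin_ip(hops)
    sender = parseaddr(msg["From"] or "")[1].lower()
    from_domain = sender.rsplit("@", 1)[-1]
    flags = []
    if origin is not None:
        # A stranger announcing the receiving ISP's own domain in HELO
        # ("from ntlworld.com" stamped *by* an ntlworld.com MTA) is a
        # classic forgery sign for the outermost hop.
        by_domain = ".".join(origin["by"].split(".")[-2:])
        if origin["helo"] == by_domain or origin["helo"].endswith("." + by_domain):
            flags.append("helo-claims-receiving-domain")
        # From domain vs. who delivered it: weak on its own (mail does get
        # relayed through third parties), but it is the mismatch discussed.
        if not origin["helo"].endswith(from_domain):
            flags.append("from-domain-not-originator")
    # A genuine delivery-status notification comes from MAILER-DAEMON or
    # postmaster as multipart/report; a "failure" mail from an ordinary
    # address with a multipart/related body is a lure carrying a payload.
    if ("failure" in (msg["Subject"] or "").lower()
            and msg.get_content_type() != "multipart/report"
            and not sender.startswith(("mailer-daemon", "postmaster"))):
        flags.append("bounce-lookalike")
    skew = None
    if origin is not None and origin["stamped"] is not None and msg["Date"]:
        skew = (parsedate_to_datetime(msg["Date"]) - origin["stamped"]).total_seconds()
    first, last, netname, country = RIPE_INETNUM
    known = ip is not None and in_inetnum(ip, first, last)
    return {"origin_ip": str(ip) if ip else None,
            "helo": origin["helo"] if origin else None,
            "from_domain": from_domain, "flags": flags, "date_skew_s": skew,
            "netname": netname if known else None, "country": country if known else None}


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_MESSAGE).items():
        print(f"{key:>14}: {value}")
```

On the posted headers this reports origin 81.208.106.70 (inside the Fastweb residential block, country IT), a HELO of ntlworld.com that is the receiving ISP's own domain, a From domain that has nothing to do with the originator, and a "failure" subject on a multipart/related body rather than the multipart/report a real bounce carries. The Date and Received timestamps agree to within two seconds in UTC, which is what a machine generating the mail at send time looks like. The IP, not the HELO name and not the From address, is the thing to put in an abuse report, and the whois remarks say where that report goes.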

On or around Wed, 28 Apr 2004 20:21:16 +0100, "Lee_D" enlightened us thusly:

update yer AV and download one, it'll identify it... :-)

don't do what I did and open a suspect message before updating the AV... oops.

Reply to
Austin Shackles

On or around Wed, 28 Apr 2004 16:42:37 +0100, "Lee_D" enlightened us thusly:

I'll have a look, but it's unlikely - it'd have to be a virus that can work through Agent or Mozilla. IE is only allowed access to certain sites and OE is not configured or used.

I also have an active AV which is updated every 2 days. I'll have a look with Spybot, in case something has snuck aboard.

Reply to
Austin Shackles

Lee posted the headers - from an IP belonging to NTL - unless you've changed from v21*, I'd say it's pretty unlikely :-)

(as your headers currently report...)

Reply to
Mother

On or around Wed, 28 Apr 2004 22:47:18 +0100, Mother enlightened us thusly:

bugger, I'll have to change that, can't go around having accurate headers...:-)

nah, never had nowt to do with NThell, so it's definitely not me. I did look at the headers and decide they weren't mine.

someone's got an unprotected outlurk depressing out there with my address on it, I'll be bound. Annoying, as I then get a pile of "undelivered" messages as a result. If anyone gets such things purporting to be from me, please don't bounce 'em, it serves no useful purpose as the only bounce messages I even look at are ones which look like something I know I've sent out.

Reply to
Austin Shackles

Mod your Agent Austin...

Mailwasher seems to be a total feckup on this score. Don't get me wrong, I commend it strongly, however in the hands of a clueless newbie it can be a bit of a problem.

Reply to
Mother

On or around Wed, 28 Apr 2004 23:30:56 +0100, Mother enlightened us thusly:

I've trained mine now, it just informs, and I use filters to get most of the spam. Interestingly, Freeserve (soon to be doggydoo) have installed spam filters at their end, most of the spam gets *** SPAM *** prepended to its subject line. Which makes filtering easier, mind you, I sent an XL format file as an attachment to someone and it marked that as spam too...

Reply to
Austin Shackles

Austin,

Any .exe, .doc, .xls, .bat, .pif or in fact anything that isn't zipped up will be killed by most ISPs now, as it's how the viri propagate! Just wait until some bright spark manages to get a virus into an image.....

Neil


Reply to
Neil Brownlee
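The attachment policy Neil describes, and the gap he himself points at ("anything that isn't zipped up"), as an added example. This is not code from the thread or from any ISP's filter; it is a small scanner that applies an extension blocklist to each attachment of a message, descends into zip archives so a blocked type inside one is still caught, and decides whether something is a zip by its content rather than by the filename it was given. The message, its attachments and the two archives are constructed here for the demonstration, and the blocklist extends Neil's list with a few other extensions of the same kind (an assumption, not something the thread states).

```python
"""Added example, not code from the thread: the extension-based attachment
filter Neil describes plus the gap he points at, a blocked type inside a
.zip.  The filter descends into archives and recognises a zip by content,
not by the name it was given.  Message and attachments are constructed."""
import io
import os
import zipfile
from email.message import EmailMessage

# Neil's list, extended with a few others of the same kind (assumption).
BLOCKED_EXT = {".exe", ".doc", ".xls", ".bat", ".pif", ".scr", ".com", ".cmd", ".vbs"}


def risky_names(name, data, look_inside_zips=True):
    """Return attachment names that fail the policy; archive members are
    reported as 'archive.zip:member'.  splitext takes the *last* extension,
    so 'readme.txt.pif' and 'photo.jpg      .exe' are still caught."""
    hits = []
    if os.path.splitext(name)[1].lower() in BLOCKED_EXT:
        hits.append(name)
    # Decide by content: a zip renamed to .dat is still a zip, and a file
    # merely named .zip is not opened unless it really is one.
    if look_inside_zips and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                hits += [f"{name}:{hit}" for hit in
                         risky_names(member, archive.read(member), look_inside_zips)]
    return hits


def scan_message(msg, look_inside_zips=True):
    """Apply risky_names to every attachment of an EmailMessage."""
    hits = []
    for part in msg.iter_attachments():
        hits += risky_names(part.get_filename() or "",
                            part.get_payload(decode=True) or b"", look_inside_zips)
    return hits


def make_zip(entries):
    """Build an in-memory zip from (member name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member, data in entries:
            archive.writestr(member, data)
    return buf.getvalue()


def build_message(attachments):
    """Constructed test mail carrying the given (filename, bytes) attachments."""
    msg = EmailMessage()
    msg["From"] = "someone@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Mail Delivery (failure)"
    msg.set_content("see attached")
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg


DEMO = build_message([
    ("invoice.pif", b"MZ" + b"\x00" * 16),                      # blocked outright
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 8),            # allowed
    ("archive.zip", make_zip([("readme.txt", b"hello"),
                              ("setup.exe", b"MZ\x00\x00")])),  # only caught inside the zip
    ("data.dat", make_zip([("run.bat", b"@echo off")])),        # a zip by content, not by name
])

if __name__ == "__main__":
    print("extension only :", scan_message(DEMO, look_inside_zips=False))
    print("looking in zips:", scan_message(DEMO))
```

With the zip descent switched off the scanner stops at invoice.pif, which is the filter Neil describes and the reason the worms of the day moved to zipped payloads; with it on, the .exe inside archive.zip and the .bat inside the zip named data.dat are both reported. A production filter would also look at the content of the non-archive parts (an executable's MZ header under a .jpg name is the image case Neil is waiting for), which is a separate check this example does not attempt.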

Neil,

Not in my experience. Neither BT nor NTL zap any of the above attachments.

Robin

Reply to
Robin

On or around Sat, 1 May 2004 19:04:47 +0000 (UTC), "Robin" enlightened us thusly:

freeserve/doggydoo have taken to marking spam with *** SPAM *** prepended to the subject line. very handy, most of the time. I hope they don't start deleting 'em though.

Reply to
Austin Shackles

MotorsForum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.