Someone is sending me a lot of e-mails with the W32.Mydoom.L@mm virus.
They are coming from a number of IP addresses on different networks, but one originating IP comes up over and over: 69.164.181.182. First one was sent on December 20th, latest one 11:18 am this morning.
It resolves to adelphia.net in Coudersport, PA - I've written to their abuse address with the message headers, etc.
I know a person who lives in PA who doesn't appreciate me very much right now.
Is there anything else I can do? I'm well protected - Norton catches them all without trouble, and I have other software running as well. I ran the myDoom fix just to be sure - no problems.
--- message source ---
Return-path: <
[email protected]>
Envelope-to:
[email protected]
Delivery-date: Sat, 25 Dec 2004 11:16:05 -0500
Received: from [69.164.181.182] (helo=primanudes.com)
by tampa3.westcoasthost.com with esmtp (Exim 4.43)
id 1CiEaJ-0007cc-NY
for
[email protected]; Sat, 25 Dec 2004 11:16:04 -0500
From: "Bounced mail" <
[email protected]>
To:
[email protected]
Subject: Returned mail: see transcript for details
Date: Sat, 25 Dec 2004 11:18:04 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0004_1F4E43A6.0495266B"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
This is a multi-part message in MIME format.
------=_NextPart_000_0004_1F4E43A6.0495266B
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
:: binary content garbage removed ::
------=_NextPart_000_0004_1F4E43A6.0495266B
Content-Type: plain/text;
name="Norton AntiVirus Deleted1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Norton AntiVirus Deleted1.txt"
:: content removed ::
------=_NextPart_000_0004_1F4E43A6.0495266B--