«

In the past day I have received a large number of e-mails to this
address. Some are 143K long and have subjects along the lines of
"Returned mail - user unknown"; others are 157K long and have subjects
like "Microsoft Security Update".

I know this is something to do with a virus that is trying to spread
itself as an e-mail attachment. I have an up to date version of Norton
Antivirus 2003, and I never open attachments from unfamiliar senders,
so I know it's not my computer that has a virus.

The header from one of the 143K e-mails is

[BEGIN QUOTE]

X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
Return-Path: <>
Received: from dswu27.btconnect.com (193.113.154.2 by
mk-cpfrontend.uk.tiscali.com (6.7.01
id 3F69DE0C0021ED12 for ; Fri, 19 Sep
2003 16:54:03 +0100
Date: Fri, 19 Sep 2003 16:54:03 +0100 (added by
)
Message-ID: <>
(added by )
Received: from wtxtj (actually host
host81-137-212-74.in-addr.btopenworld.com) by dswu27 with SMTP-CUST
(XT-PP); Fri, 19 Sep 2003 16:27:31 +0100
FROM: "inet email delivery service" <>
TO: "email recipient" <>
SUBJECT: Failure Notice
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="jhhnstsvxikeb"
X-PMFLAGS: 570950016 0 1 PJXUAB2H.CNM

--jhhnstsvxikeb
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD></HEAD>
<BODY>
<iframe src=3D"cidzlnvicocld" height=3D0 width=3D0></iframe>
<BR>This is the qmail program<BR>
<BR><BR><BR>Undelivered mail to <B></B>
</BODY></HTML>

--jhhnstsvxikeb
Content-Type: audio/x-wav; name="fiksozbq.exe"
Content-Transfer-Encoding: base64
Content-Id: <pzlnvicocld>

[END QUOTE]

Followed by a big binary.

Whose postmaster do I complain to, to stop these messages?

On Fri, 19 Sep 2003 17:41:52 +0100, A. J. Moss wrote:

<snip>
>"Returned mail - user unknown"; others are 157K long and have subjects
>like "Microsoft Security Update".
>
>I know this is something to do with a virus that is trying to spread

Hooray!

>itself as an e-mail attachment. I have an up to date version of Norton
<snip>
>[BEGIN QUOTE]
>
>X-Symantec-TimeoutProtection: 0
>X-Symantec-TimeoutProtection: 1
>Return-Path: <rod@g<snip>

Snipped email address above. If you post these spammers can use them.

>Received: from dswu27.btconnect.com (193.113.154.2 by
>mk-cpfrontend.uk.tiscali.com (6.7.01
> id 3F69DE0C0021ED12 for <snip>; Fri, 19 Sep

Also snipped your addy, but it's a bit late now....

>2003 16:54:03 +0100
>Date: Fri, 19 Sep 2003 16:54:03 +0100 (added by
><snip>

Oops..... if they didn't get enough.

>Message-ID: <>
>(added by <snip>

See above

>Received: from wtxtj (actually host
>host81-137-212-74.in-addr.btopenworld.com) by dswu27 with SMTP-CUST

Try the Received: from line, btopenworld

Look at the info here about tracing and reporting
www.btopenworld.co.uk
Help , bottom of page
Complaint , on the left
1st heading Abuse

Try feeding the message into spamcop, it will sort out the msg headers.

>(XT-PP); Fri, 19 Sep 2003 16:27:31 +0100
>FROM: "inet email delivery service" <smtpservice@<snip>.net>

america.net is a real hostname, but a couple of lines are missing.

>TO: "email recipient" <receiver@<snip>r.com>

same here no trace lines, but as it sends it's own mail it can make up
headers.

>SUBJECT: Failure Notice
>Mime-Version: 1.0
>Content-Type: multipart/alternative;
<snip>

Whose postmaster do I complain to, to stop these messages?
Complain maybe, stop not likely.

Me

A. J. Moss said:

> In the past day I have received a large number of e-mails to
> this address. Some are 143K long and have subjects along the
> lines of "Returned mail - user unknown"; others are 157K long
> and have subjects like "Microsoft Security Update".
>
> I know this is something to do with a virus that is trying to
> spread itself as an e-mail attachment. I have an up to date
> version of Norton Antivirus 2003, and I never open attachments
> from unfamiliar senders, so I know it's not my computer that has
> a virus.
>
> The header from one of the 143K e-mails is
[snip]

>
> Whose postmaster do I complain to, to stop these messages?
>

Bill Gates at Microsoft.com

Use another browser/e-mail client.

In article <>,
says...
>
>
>In the past day I have received a large number of e-mails to this
>address. Some are 143K long and have subjects along the lines of
>"Returned mail - user unknown"; others are 157K long and have subjects
>like "Microsoft Security Update".
>
>I know this is something to do with a virus that is trying to spread
>itself as an e-mail attachment. I have an up to date version of Norton
>Antivirus 2003, and I never open attachments from unfamiliar senders,
>so I know it's not my computer that has a virus.
>
<snip>

The virus spoofs the "From" line using addresses from lists on infected
machines. Unless you can determine the IP of the infected machine by
looking at the headers of the original virus email, you can't do
anything but delete the messages. This is the same for most of the
recent email virii. Isn't the internet great?