what should i do about virus spam...

Crappopotamus

I've been getting this 'microsoft security update' virus spam regularly. What should I do... who do I complain to?

Here's the source...
From - Sun Dec 07 00:22:37 2003
X-UIDL: E888BD494DC7B2FCAB3565791D73BB3C
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <admin@duma.gov.ru>
Received: from localhost ([24.114.97.23])
by fep04-mail.bloor.is.net.cable.rogers.com
(InterMail vM.5.01.05.12 201-253-122-126-112-20020820) with SMTP
id <20031206181550.NBZA27989.fep04-mail.bloor.is.net.cable.rogers.com@localhost>
for <ianchow32@rogers.com>; Sat, 6 Dec 2003 13:15:50 -0500
From: "Microsoft" <security@microsoft.com>
To: <ianchow32@rogers.com>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
Message-Id: <20031206181550.NBZA27989.fep04-mail.bloor.is.net.cable.rogers.com@localhost>
Date: Sat, 6 Dec 2003 13:15:51 -0500

--xxxx
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

--xxxx
Content-Type: plain/text
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"

Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBwYXRjaC5leGUuDQpU
aGUgYXR0YWNobWVudCB3YXMgaW5mZWN0ZWQgd2l0aCB0aGUgVzMyLkR1bWFydUBtbSB2aXJ1
cy4=
--xxxx
 

conjur

Set up a filter and delete it.

It won't go away. Once you start getting spam...you're fvcked.
 

Crappopotamus

I do have a filter, but this is a recurring one. I figured maybe it was just some poor idiot with a virus that keeps sending it to me. Has happened before... but that time, I knew who it was.
 

OZEE

You need to send an email to rogers.com with this header info and explain the situation.

The email is NOT from admin@duma.gov.ru, but I'm guessing you already knew that. The IP addy 24.114.97.23 tells us who it's really from. Doing a whois tells us that IP belongs to rogers.com. Rogers probably will not tell you who that IP belongs to (quite likely a friend of yours who's infected with SWEN) but they can (and should) be able to look it up and contact them so it can be cleaned.

Actually, as I look at rogers.com, it looks like their preferred way of contact is through a formmail on their website. Use this to contact their tech-support group and this for a "general inquiry".

They should be interested in helping you find who's got SWEN, because it sucks up their b/w resources, too.
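
The header reading described in the reply above, as an added example that is not any poster's code: it separates the sender-supplied addresses from the hop recorded by the receiving server and decodes the note the antivirus left in place of the attachment. The names `analyse` and `RECEIVED_RE` are hypothetical, the Received line is abridged from the posted message, and the recipient is a placeholder.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: headers and attachment copied from the message posted in
# this thread, header folding restored, recipient replaced by a placeholder.
RAW = """\
Return-Path: <admin@duma.gov.ru>
Received: from localhost ([24.114.97.23])
\tby fep04-mail.bloor.is.net.cable.rogers.com with SMTP
\tfor <user@example.com>; Sat, 6 Dec 2003 13:15:50 -0500
From: "Microsoft" <security@microsoft.com>
Content-Type: multipart/mixed;boundary="xxxx"

--xxxx
Content-Type: plain/text
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"

Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBwYXRjaC5leGUuDQpU
aGUgYXR0YWNobWVudCB3YXMgaW5mZWN0ZWQgd2l0aCB0aGUgVzMyLkR1bWFydUBtbSB2aXJ1
cy4=
--xxxx--
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)\s+by\s+(?P<by>\S+)")

def analyse(raw):
    """Return sender-claimed addresses, relay-recorded hops, decoded attachments."""
    msg = email.message_from_string(raw, policy=policy.default)
    claimed = {h: parseaddr(str(msg[h]))[1] for h in ("Return-Path", "From") if msg[h]}
    # Return-Path and From are whatever the sender typed. The bracketed IP in a
    # Received line is written by the server that accepted the connection.
    hops = [m.groupdict() for h in msg.get_all("Received", [])
            if (m := RECEIVED_RE.search(" ".join(str(h).split())))]
    notes = {p.get_filename(): p.get_payload(decode=True).decode("ascii", "replace")
             for p in msg.walk() if p.get_filename()}
    return claimed, hops, notes

if __name__ == "__main__":
    claimed, hops, notes = analyse(RAW)
    print("claimed senders:", claimed)
    for hop in hops:
        print(f"connecting IP {hop['ip']} (gave its name as {hop['helo']!r}), logged by {hop['by']}")
    for name, text in notes.items():
        print(f"{name}: {text}")
```

The hop's IP, receiving host and timestamp are the details an abuse desk needs to match the connection to a subscriber, which is why the full headers go in the report.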