Virus mail and such

[Brendan McKay]

82.104.124.164 = host164-124.pool82104.interbusiness.it
which looks like an Italian ISP.  

Maybe someone can check the mailing list for Italian members who
might match this address. It can also be a random open relay that
the virus is using to hide its tracks.

Brendan.

* Hugo Pfoertner <all at abouthugo.de> [050617 12:47]:
> Brendan McKay schrieb:
> > 
> > * Hugo Pfoertner <all at abouthugo.de> [050617 04:20]:
> > > I just got an E-mail with a zip attachment "nomoney.zip" containing the
> > > virus  WORM/NetSky.B.1.
> > >
> > > The - probably faked - sender was
> > 
> > If you look in the actual headers of the mail message, you might be
> > able to identify the culprit.  For example, your message to the group
> > has the headers below.  The path of your message is traced from
> > p54990D10.dip0.t-ipconnect.de, which claims to be abouthugo.de,
> > up to shiva.jussieu.fr and then to me.  These headers can be faked
> > except for the very last one (my computer knows exactly where it
> > got the message from), but spammers and viruses often don't bother
> > because few people ever look at the headers.
> > 
> > Brendan.
> 
> Brendan, SeqFans,
> 
> the complete virus mail header is:
> 
> Return-Path: <2gpower at libero.it>
> Delivery-Date: Thu, 16 Jun 2005 09:10:08 +0200
> Received: from [82.104.124.164] (helo=abouthugo.de) by
> mxeu10.kundenserver.de with ESMTP
>           (Nemesis), id 0MKu60-1DioVr0D5N-0001vF for all at abouthugo.de;
> Thu, 16 Jun 2005 09:10:07+0200
> Von: 2gpower at libero.it
> An: all at abouthugo.de
> Betreff: hello
> Datum:   Thu, 16 Jun 2005 09:10:08 +0200
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="31132705"
> Nachrichten-ID: <0MKu60-1DioVr0D5N-0001vF at mxeu10.kundenserver.de>
> Envelope-To: all at abouthugo.de
> X-Mozilla-Status: 8001
> X-Mozilla-Status2: 00000000
> X-UIDL: 0MKu60-1DioVr0D5N-0001vF
> 
> So the questions is: Do we have someone with [82.104.124.164] in our
> group?
> 
> Hugo Pfoertner