-
Infected computer
Hi all! This may be a stupid question but here goes:
Is there any way to get someone to take an infected computer offline?
Despite receiving 2 attempts per day for over 3 months (several different worms and viruses) we have not been infected. However, 2 mutual business associates have been infected 3 times between them and this is really beginning to tick me off.
The infected system is almost certainly wide-open for whatever may come along, including new and unknown viruses and virus-types.
Is it possible the source IP in the message header routing info is spoofed? It appears legit, i.e. the owner fits the profile of the type of business the infected email address is coming from.
Thanks for any help you can offer!
Cyd
-
We handle these situations the same way every time.
First - We block all messages and/or connections between ourselves and the other party.
Second - We call them to inform them of said changes and notify them we will turn these conduits of communication back on after they have sent us proof they are up to date on patches and virus definitions.
Not understanding your business model, this may or may not work for you. However, if you were able to have the mutual associates follow a similar action, I have a hunch the problem would work itself out.
-
infected...
I have them blocked, naturally, but they've switched to their subsidiary name and .com for email. i.e. no one uses that email any more. But even with their new email server, the header still shows the same IP address as "source" while the old email address continues to churn out infected emails.
ps - I'm not a techie. The only email security we have is me. Being obsessed, that's fine, but I'm out of my depth. I'm not worried about my system getting infected, I'm more concerned about the infected system being left online, wide-open and allowed to do what it's doing. It's criminal negligence.
-
Hmmmm,
Have you tried contacting them and telling them what you have experienced?
It is not the e-mail address that is infected. It is either a (some) user PC(s) or a mail server.
If they can't/won't do anything about it all you can really do is block them, no matter what e-mail they use.
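An added example, not part of any post in this thread, for the header question raised above: only the `Received` line written by your own mail server records the IP that actually connected, while every `Received` line below it was supplied by the sender's side and can be forged. The server name `mx.example.net`, the sample messages and all addresses are constructed placeholders.

```python
import re
from collections import defaultdict
from email import message_from_string

OUR_MX = "mx.example.net"  # assumption: name our own server writes after "by"
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)

def connecting_ip(raw, our_mx=OUR_MX):
    """Return the peer IP recorded by our own server, or None.

    Received headers are prepended, so the first one naming our server
    is the one it added itself; anything lower is untrusted input."""
    msg = message_from_string(raw)
    for received in msg.get_all("Received", []):
        by = BY_RE.search(received)
        if by and by.group(1).lower() == our_mx:
            # The address sits in the "from" clause, before "by <our server>".
            ip = IP_RE.search(received[:by.start()])
            return ip.group(1) if ip else None
    return None

def senders_by_ip(messages):
    """Group From addresses by the IP that really delivered each message."""
    seen = defaultdict(set)
    for raw in messages:
        seen[connecting_ip(raw)].add(message_from_string(raw)["From"])
    return {ip: sorted(addrs) for ip, addrs in seen.items()}

def _sample(helo, ip, sender, extra=""):
    # Builds a constructed message; dates and hosts are placeholders.
    return (f"Received: from {helo} (unknown [{ip}])\n\tby {OUR_MX} with ESMTP;"
            f" Mon, 1 Mar 2004 09:00:00 -0500\n{extra}"
            f"From: {sender}\nSubject: x\n\nbody\n")

# A line like this can be inserted by the sending side to mislead a reader.
FORGED = ("Received: from relay.other.example ([198.51.100.9])\n"
          "\tby mx.other.example; Mon, 1 Mar 2004 08:00:00 -0500\n")

SAMPLES = [
    _sample("mail.old-name.example", "203.0.113.45", "sales@old-name.example"),
    _sample("mail.new-name.example", "203.0.113.45", "sales@new-name.example"),
    _sample("relay.other.example", "203.0.113.45", "someone@other.example", FORGED),
]

if __name__ == "__main__":
    for ip, addrs in senders_by_ip(SAMPLES).items():
        print(ip, addrs)
```

Grouping by this IP rather than by the From address is what keeps a block effective when the sender changes domain or email address.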
-
Quote:
Originally posted here by nihil
Hmmmm,
Have you tried contacting them and telling them what you have experienced?...
As suggested, I'd absolutely contact them! Let them know that it is very poor business to knowingly or unknowingly infect other computers due to lax security practices. That it may very well affect them financially as folks will simply stop communicating with them because of the malware infections etc. And then take the opportunity to help them harden their computers and educate them about email virus scanning etc., etc.
cheers
-
Thanks to all!
I guess I'm just overly sensitive about this kind of stuff. To be honest, it drives me nuts. More nuts than people who forward email jokes and pictures. Which I didn't think was possible.
I've written a very nice email explaining what's happening and now I'm just going to forget about it. Calm and steady. I'm a river...I'm a river...I'm a river and all that chillout stuff. Did I mention that I'm fanatical about a squeaky clean email inbox? I don't think I did. Anyway, I am. And I'm also a river...I'm a river...I'm a river...
Anyway, thanks for the advice! I knew I couldn't really do anything about it. I guess I just needed somebody to tell me not to worry about it.
Cheers!
Cyd
-
Quote:
Originally posted here by tin.roof.rabbit
Not understanding your business model, this may or may not work for you. However, if you were able to have the mutual associates follow a similar action, I have a hunch the problem would work itself out.
We're a very small company that makes equipment for companies all over the world. The offending email comes from a US based Asian freight forwarder that was chosen by a customer that is probably also getting emails sent to about 20 different people. I can't imagine how many emails are being sent out to how many countries, businesses and customers. It just irritates me to no end.
Thankfully, our customers are much better than they used to be, when it comes to internet security. The last time we got showered with infected emails, they came from two different Fortune 500 companies that shall remain nameless. But that was in 2002. Needless to say, we did not get infected. Well...I say "we"...actually the accounts payable computer got bit. But not from email. That was from downloading every "cute little" cursor she could find! AARRGGHH!! She's also a notorious email forwarder...engineering maintains her computer now. I just don't have the patience. Obviously. lol
Thanks again, for the suggestions!
Cheers,
Cyd
-
It's sad, cyd, how clueless some users are. I had a client once whose PC was "own3d" and being used in denial of service attacks (thousands of emails an hour emanating from his PC to everyone in his address book). This guy refused, absolutely refused, to take it offline. Then he had the audacity to imply I didn't know what I was doing! He-heh, he finally had me back in after four days to clean it up.
Good luck...
-
I know many will disagree with me because we’ve had these discussions before but…..
I really think you should inform the FBI. There are hacking armies in Asia trying to get all the info they can and it sounds like you’re in with a few international companies.
The same servers spewing out different viruses even after they’ve been told? Sounds like a part of their business plan to me.
Did you check to see if it's an open relay? Some people get paid to keep open relays.
-
Quote:
Originally posted here by Tedob1
I know many will disagree with me because we’ve had these discussions before but…..
I really think you should inform the FBI. There are hacking armies in Asia trying to get all the info they can and it sounds like you’re in with a few international companies.
The same servers spewing out different viruses even after they’ve been told? Sounds like a part of their business plan to me.
Did you check to see if it's an open relay? Some people get paid to keep open relays.
I almost wrote yesterday to say that I didn't receive any infected emails, but that has happened before when I complained to the owner of the email address. It would stop for a couple of days and then start up again. And I see this morning that I have one from late yesterday afternoon.
When I think of my email address book, I shudder at the thought of getting infected by some new and unknown type of virus. I doubt many people understand the ramifications of such a possibility. Granted, if I knew I was infected, I'd yank my connection in a heartbeat, but we are small and that would not be much of a problem.
So, next question: If I empty my email address book, can a virus still extract email addresses off of my hard drive? I know a person could, but could a virus be written to "quietly" accomplish the same thing? Or, barring that, if you encrypt a file instead of deleting it, is it recoverable by anything other than password hacking?
-
I'll tell you right now the FBI's not going to do anything about virus-infected emails. They got their hands full as it is...
-
Have whoever is responsible for the physical wiring of their ethernet connections remove the cable from the switch.
It's not enough to go to their desks and take their ethernet cables. Pull their access from further up the chain.
If they are able to get back online and persist, then
1) Set up their systems to a static IP (assuming they're using DHCP)
2) Lock down their systems so that they cannot change their IP settings
3) Block access from these IP addresses from the rest of the network.
That'll get their attention, and hopefully they'll resolve it.