March 28th, 2004, 04:15 PM
I've been getting virus-infected mails on a daily basis for many weeks, all apparently from different senders, some genuine (if I google the address shown), some probably not.
Reading the headers, they're all coming from the same IP during weekdays, often another at weekends; both seem to be fixed IPs. From what I've read, the IP shown identifies a particular computer logged onto a network, so cannot be from different people.
Just curious as to how it's possible for these to be coming from so many different people, but apparently all from the same IP?
Not a huge problem as I have no intention of ever opening any of them. I would like to find out who is behind it, as I'm convinced it's someone deliberately targeting me, which has happened before and forced me to close another email account.
Sorry if this is in the wrong place, wasn't sure where to post.
March 28th, 2004, 04:17 PM
Most likely the email address is spoofed. The IP being the same on the weekdays sounds like a laptop that is moved from work to home and back again.
I've unfortunately had a bit too much experience with this, as a user at my work evidently has this and nothing I do can convince my email admin to put a block on the IP so the user might get a clue.
March 28th, 2004, 04:24 PM
Ah, that makes a lot of sense.
The IP being the same on the weekdays sounds like a laptop that is moved from work to home and back again.
After doing a little searching about tracking IPs I have been able to submit abuse reports to the relevant ISP, but I feel like it's probably a waste of time, although from what I understand it should be possible to trace the user.
Thanks for the quick reply, I guess deleting the account is the only way to go.
March 28th, 2004, 10:45 PM
Is the subject line the same on all of the emails? You might not have to remove the account, if it's important to you. You could probably just as well filter the subject line, sender, specific words in the body.
Also, you might want to look @ getting a decent antivirus, so it can help you mitigate that threat of viruses.
March 28th, 2004, 11:00 PM
Have antivirus, and set up Outlook to filter the body text so they go straight to the bin, it's just the fact that it's very annoying as it seems to be one person...
Shouldn't let it bug me, but it does.
March 28th, 2004, 11:03 PM
1. What is the name of the virus?
2. Do you recognise any of the "senders"?
I think that MsM has a good call with the dockable laptop scenario...........the person sending them might not even be aware?
3. Are there any CC. addresses and do you recognise any of them?
Obviously, if you are in the address book of an infected computer you will keep getting them, particularly if it is a private address book (fewer entries than a corporate one).
A fixed IP (all of the numbers) would suggest a corporate network, or a cable/satellite connection?
March 28th, 2004, 11:53 PM
I've been getting a lot of them lately too and one of them was from Cheyenne lol. I don't know what's going on but I'm currently working with the OIT department at my school to figure out the headers of the email. All the senders are different...but I'm thinking that it could have something to do with the email provided to us by the BBGN *which hosts our website/gameserver*. I'll get back to you if I find out some more information. Right now I have to get the headers first...then have Cheyenne contact BBGN and they'll see if it's theirs. I never used to get viruses on my school's email until we set up the website lol. The viruses are automatically deleted by the school's AV, but it attaches a text file saying that the file was deleted because it was suspicious of being a virus.
March 29th, 2004, 09:51 AM
1. What is the name of the virus? IWorm NetskyD
2. Do you recognise any of the "senders"? No, it seems completely random, some are genuine company contacts that can be found on the net, others are just jumbled up letters e.g. firstname.lastname@example.org.
I think that MsM has a good call with the dockable laptop scenario...........the person sending them might not even be aware? I guess that is possible but I don't see how they would appear to be all from different senders with same IP unless that person was deliberately trying to conceal their identity??
3. Are there any CC. addresses and do you recognise any of them? No, none at all.
I used to be involved with gaming websites and have been targeted before, I suspect this is a result of that and they've somehow got hold of my home e-mail (probably me not being careful enough). Although am starting to think this is someone I know, as many of the "addresses" appear to be from my local towns council and other organisations which I've had no contact with.
I hope if I submit enough abuse reports they'll look into it.
I've also been using various tools to trace the two IPs, using lookup on tjping I get the following...
Official Name: cpc2-stev2-4-0-cust69.lutn.cable.ntl.com
Official Name: cpc3-hatf2-6-0-cust92.lutn.cable.ntl.com
Am not certain but am guessing the "stev2" and "hatf2" apply to two local towns? (Stevenage & Hatfield) Strange coincidence if it doesn't.
Is all very odd, but am determined to get to the bottom of it.
March 29th, 2004, 10:57 AM
There are viruses out there that will randomize who it's sent from. Some will just use info in the address book, others just create them out of a random list provided by the virus writer. It's not a hard thing to do.
I guess that is possible but I don't see how they would appear to be all from different senders with same IP unless that person was deliberately trying to conceal their identity??
March 29th, 2004, 01:30 PM
So it could be someone I know, but they don't know they're doing it......
Some of it doesn't make much sense to me, but at least there's a chance it's not malicious.
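The header comparison discussed in this thread (many different From addresses, one connecting IP) can be checked mechanically. The Python sketch below is an added example, not something posted by a thread participant; the sample messages, addresses and IPs are constructed from documentation ranges, and `mx.recipient.example` stands in for the recipient's own mail server.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation IP ranges and example domains).
SAMPLES = [
    ("alice@example.org", "192.0.2.69"),
    ("qzxwv@example.net", "192.0.2.69"),
    ("council@example.com", "192.0.2.69"),
    ("bob@example.org", "198.51.100.92"),
    ("friend@example.com", "203.0.113.5"),
]
RAW = [
    f"Received: from host{i} (unknown [{ip}])\r\n"
    f"\tby mx.recipient.example with SMTP; Mon, 29 Mar 2004 09:00:0{i} +0100\r\n"
    f"Received: from forged.example ([10.9.9.9]) by forged.example\r\n"
    f"From: {sender}\r\nSubject: Re: document\r\n\r\nbody\r\n"
    for i, (sender, ip) in enumerate(SAMPLES)
]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw):
    """IP recorded by the recipient's own server: the top-most Received line.
    Lower Received lines and From are supplied by the sender and can be forged."""
    received = message_from_string(raw).get_all("Received") or []
    match = IP_RE.search(received[0]) if received else None
    return match.group(1) if match else None

def senders_by_ip(raw_messages):
    """Map each connecting IP to the set of From addresses it claimed."""
    seen = defaultdict(set)
    for raw in raw_messages:
        ip = connecting_ip(raw)
        if ip:
            seen[ip].add(parseaddr(message_from_string(raw)["From"])[1].lower())
    return dict(seen)

def suspicious_sources(raw_messages, min_senders=3):
    """IPs that delivered mail under at least min_senders different From addresses."""
    return sorted(ip for ip, who in senders_by_ip(raw_messages).items()
                  if len(who) >= min_senders)

if __name__ == "__main__":
    for ip, who in senders_by_ip(RAW).items():
        print(ip, sorted(who))
    print("one host, many claimed senders:", suspicious_sources(RAW))
```

An IP that shows up here with many unrelated From addresses is the one to put in an abuse report to the ISP that owns it, together with the full headers.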