I have them blocked, naturally, but they've switched to their subsudiary name and .com for email. i.e. no one uses that email any more. But even with their new email server, the header still shows the same IP address as "source" while the old email address continues to churn out infected emails.

ps - I'm not a techie. The only email security we have is me. Being obsessed, that's fine, but I'm out of my depth. I'm not worried about my system getting infected, I'm more concerned about the infected system being left online, wide-open and allowed to do what it's doing. It's criminal negligence.