static_geek Posted August 31, 2003 Share Posted August 31, 2003 The past 5 days I have received a total of 55 emails..........all returns....stating I was sending the SOBIG virus....I have scanned and rescanned using my AV(avast!) AND online scanners.and I DO NOT have the virus.But apparently someone who has me in their address book DOES have the virus.I've emailed all the possible parties but none have found it on their system.Now; I only give my ISP email to people i know and trustand when I subscribe to sites , I use generic web based emails(hotmail,burtmail,etc) generally to prevent the inordinate amount of spam thats floating about nowadays. My question is what recourse do I have left? Is my only option to change my ISP email address? I've have tried tracing the suspect emails but I never catch it in the act of sending and the IPaddress isn't active when I try to trace? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 31, 2003 MVC Share Posted August 31, 2003 Do you have the full headers of atleast one of these email that was kicked back. What is the IP address of the machine sending the mail? Do a whois on the IP - this will tell you who owns the netblock, etc.. From there you can complain to the ISP of the user - or the company that is using the netblock. Link to comment Share on other sites More sharing options...
static_geek Posted August 31, 2003 Author Share Posted August 31, 2003 Done and done..it's an "...attbi.com"..however I believe most attbi.coms have been turned to comcast.net in this area(or am I just needlessly confusing myself?) Anyway I have yet to get a response ,and this was 2 days ago. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted August 31, 2003 MVC Share Posted August 31, 2003 Even though the users emails have been switched to attbi - I do not believe that they have updated anything else. So if you do a whois on the netblock it is still shown as being owned by att. And if you do a nslookup or dig -x on the actual IP address - it still shows up as xxxx.client.attbi.com I would send email to abuse at comcast as well, and maybe email abuse at the people kicking back the email to you - letting them know that they have the WRONG person. The problem is - it really does not have to be anyone you know. It could be a someone that was forwarded an email you sent someone, etc.. etc.. You have to give the virus guys some credit - the move to change the from address to something other than the infected persons address does make it more difficult to track down who is actually infected. But this is nothing new, most of the viruses in the last year or so have been doing this. And the habit of companies to kickback the email - but not include the email in question (so you can not see the full headers of the offending email) is not a move in the right direction if you ask me. Link to comment Share on other sites More sharing options...
static_geek Posted August 31, 2003 Author Share Posted August 31, 2003 Gotcha......I'll give that a try ......see how it goes. Thanks fer the input! Link to comment Share on other sites More sharing options...
Recommended Posts