Spam by Virus

[Rose]

I went to Italy and used an internet cafe. Since then, I keep getting
"I-Word/Netsky.D" attachment sent to me on a daily basis.

When I looked into properties of these mail, invariably the following "host"
appears:
" Received: from host250-123.pool8288.interbusiness.it ([82.88.123.250]
...."
whereas the sender's e-mail addresses are always different.

My virus scanner always reported that:
"Viruses found in the attached files.
The file ?????.???: Virus identified I-Worm/Netsky.D"

Short of discontinuing using my own e-mail address, are there anything I can
do to stop this? I think this "server"? also used my e-mail address to send
virii to other people in the world too.

Any advice would be appreciated.

Many thanks

 

[Ernie B.]

I went to Italy and used an internet cafe. Since then, I keep getting
"I-Word/Netsky.D" attachment sent to me on a daily basis.

When I looked into properties of these mail, invariably the following "host"
appears:
" Received: from host250-123.pool8288.interbusiness.it ([82.88.123.250]
..."
whereas the sender's e-mail addresses are always different.

My virus scanner always reported that:
"Viruses found in the attached files.
The file ?????.???: Virus identified I-Worm/Netsky.D"

Short of discontinuing using my own e-mail address, are there anything I can
do to stop this? I think this "server"? also used my e-mail address to send
virii to other people in the world too.

Any advice would be appreciated.

Many thanks

Forward the spam, with complete header, to their abuse address ...

whois -h whois.abuse.net host250-123.pool8288.interbusiness.it ...
(e-mail address removed) (for interbusiness.it)
(e-mail address removed) (for interbusiness.it)

.... along with a polite note asking them to boil the spammer in oil.

 

[Julian]

I went to Italy and used an internet cafe. Since then, I keep getting
"I-Word/Netsky.D" attachment sent to me on a daily basis.

When I looked into properties of these mail, invariably the following "host"
appears:
" Received: from host250-123.pool8288.interbusiness.it ([82.88.123.250]
..."
whereas the sender's e-mail addresses are always different.

My virus scanner always reported that:
"Viruses found in the attached files.
The file ?????.???: Virus identified I-Worm/Netsky.D"

Short of discontinuing using my own e-mail address, are there anything I can
do to stop this? I think this "server"? also used my e-mail address to send
virii to other people in the world too.

Any advice would be appreciated.

Many thanks

There is nothing *you* can do to stop it. You might be able to create a
mail rule to delete messages containing the word "Netsky" without seeing
them.

The problem is, some computer in Italy has your email address somewhere
on its hard disk. It would be a pretty badly run internet cafe that
retained details of its users addresses, but it's possible. Or perhaps
you have corresponded with someone there. Either way, you are just one
of many unlucky recipients of mail from this infected machine, and it
won't stop until the owner cleans it.

 

[Rose]

I went to Italy and used an internet cafe. Since then, I keep getting
"I-Word/Netsky.D" attachment sent to me on a daily basis.

When I looked into properties of these mail, invariably the following "host"
appears:
" Received: from host250-123.pool8288.interbusiness.it ([82.88.123.250]
..."
whereas the sender's e-mail addresses are always different.

My virus scanner always reported that:
"Viruses found in the attached files.
The file ?????.???: Virus identified I-Worm/Netsky.D"

Short of discontinuing using my own e-mail address, are there anything I can
do to stop this? I think this "server"? also used my e-mail address to send
virii to other people in the world too.

Any advice would be appreciated.

Many thanks

There is nothing *you* can do to stop it. You might be able to create a
mail rule to delete messages containing the word "Netsky" without seeing
them.

The problem is, some computer in Italy has your email address somewhere
on its hard disk. It would be a pretty badly run internet cafe that
retained details of its users addresses, but it's possible. Or perhaps
you have corresponded with someone there. Either way, you are just one
of many unlucky recipients of mail from this infected machine, and it
won't stop until the owner cleans it.

Many thanks for the advice. But, the messages do not contain the word
"Netsky". I have never opened any attachments (obviously). I only delete
them on receipt. No harm has ever come on my computer. It is just very
annoying.

The senders, the details, the subjects, the messages, the attachment file
names, etc., are always different. There is no common "phrases" that I can
use to filter this out. The only thing in common is hidden in the
"properties" of the message showing the "host".

Is it possible to filter out messages from a certain "host"?

Rose

 

[Julian]

Is it possible to filter out messages from a certain "host"?

It depends on what mail client you're using. Some allow you to create
rules that can work on what is in the header. But if you are using
Outlook Express, same as you are for news reading, then I don't think
you can.

I don't know what AV you are using, but I assumed that if you were using
some mail filter, the scanner was inserting something into the message
body that you could test for. If yours can't do that, you could take a
look at ClamMail from http://www.bransoft.com/clammail/clammail.html.
This is a free POP3 mail scanning proxy that can be set up to insert any
text you want into a message that is found to contain a virus, and you
can then test for this with your rule.

 

[Dave Budd]

I went to Italy and used an internet cafe. Since then, I keep getting
"I-Word/Netsky.D" attachment sent to me on a daily basis.

When I looked into properties of these mail, invariably the following "host"
appears:
" Received: from host250-123.pool8288.interbusiness.it ([82.88.123.250]
..."
whereas the sender's e-mail addresses are always different.

My virus scanner always reported that:
"Viruses found in the attached files.
The file ?????.???: Virus identified I-Worm/Netsky.D"

Short of discontinuing using my own e-mail address, are there anything I can
do to stop this? I think this "server"? also used my e-mail address to send
virii to other people in the world too.

Any advice would be appreciated.

Many thanks

You might try http://www.mail-abuse.com/ to get them black-
holed.

My gf uses MailWasher, dunno if it can block by IP

 

[pete]

Is it possible to filter out messages from a certain "host"?

Yes.
Use Mailwasher.
Read it's instructions, then filter to delete automatically:
the entire header - contains - Received: from host250-123.pool8288

It works.
We get dozens of such garbage at work.