An examination of the mail header information will give you the source IP number. It will never match the return email address, as that is spoofed by the virus engine. A little further investigation will let you determine who is at the IP number, allowing you to contact them and suggest a removal tool. If that fails to get their attention the next step is to barrage his ISP's abuse desk with complaints. It may take several days to get their attention, but they will investigate and either tell the customer to clean up their act or disconnect them. They will do this to avoid having part of their domain appear on a blacklist.
This sounds somewhat draconian, I know, but sometimes it is what it takes to get the attention of the clueless who are careless enough to allow an infection.. ===================================== Douglas White group Manager mailto:[EMAIL PROTECTED] http://www.samcfug.org ===================================== ----- Original Message ----- From: "Jason Miller" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Tuesday, March 18, 2003 12:10 PM Subject: Re: Anyone else getting Klezzed? | To confirm - I just saw these too - my exchange server stopped 4 of | these today. | It also seems from this list. Hopefully everyone can quickly run some | updates and system scans. | I'm clean as of this morning. | jay | | Bud wrote: | | >Hi all. Just a head's up. | > | >In the past few days I've been getting all kinds of e-mail returned | >"undeliverable" because they contain W32/Klez-H. One was from the CF | >Talk list because the body of the e-mail was empty. So I figure it's | >someone on this list who has my e-mail address in their address book | >or wherever Klez get's the e-mail addresses from to send. Then I just | >got rock.exe from [EMAIL PROTECTED], whom I think is someone else | >on this list, who is apparently also in the same person's address | >book. | > | >Just figured everyone who isn't sure they aren't infected may like to | >check. I'm on a Mac so I know it ain't me. :-D | > | > | | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
