tracing spam

Dirk dirk.dil at pt.lu
Fri Nov 19 02:08:36 PST 2004


Jason Gurtz (jason at tommyk.com) wrote:
> On 11/16/2004 02:41, Dirk wrote:
> 
> > Received: from pt.lu (ppp12-90070708-146.pt.lu [195.46.248.146])
> >         by inmx1.pt.lu  with ESMTP id iAEIn1qM032103
> >         for <mejerdil at pt.lu>; Sun, 14 Nov 2004 19:49:02 +0100
> [...]
> > I recieved this from "ppp12-90070708-146.pt.lu".  This means my ISP is
> > spamming me!?!?
> 
> I would hope not!  More likely, it's one of their customers.  Why not
> forward the spam to their abuse desk?
> 
> ~Jason
>

OK, them I think I know who it is.

Does this scenareo make sense? ( It is what I think what is happening.)

Some one's PC (running on M$) gets infected with a virus/worm.  This
takes advantage of a dial up connection and a local list of e-mail to
disseminate itself.  Adresses to and from randomly selected from local
adress list.  And who knows what else this virus/worm is doing.

If that makes sense, what should the infected PC's owner do about it?
Reinstalling M$ would cure it ( temporarily ).  Any way to avoid losing
the whole setup?

I advised them to use a firewall, a virus doctor and spamassasin which
is also available for M$ I think.

Thanks for your patience so far.

Dirk



More information about the lfs-chat mailing list