<<<my response is at the end of this>>>
With a new mail address, I posted a single message yesterday
(September 28th) to a single newsgroup, alt.idiots.
Here is the list of email addresses and IPs from which I received the
SWEN worm through email: (In other words, here's a list of TOTAL
dumbasses):
(e-mail address removed) 195.130.225.150
(e-mail address removed) 212.166.64.98
(e-mail address removed) 159.134.118.16
(e-mail address removed) 209.29.198.119
(e-mail address removed) 205.152.59.72
(e-mail address removed) 212.216.176.222
It is rare that a chance to expose true dumbasses comes along, don't
thank me - It was my pleasure. The above users should 1) put down the
crack pipe 2) step away from the keyboard 3) UNPLUG the computer and
never plug it in again!
Since I believe the last word I saw from Symantec was that the From is
forged on these, I don't think it is the case that these individuals are
the ones at fault for flushing this to the planet. (I get a dozen or
two bounces a day claiming they couldn't deliver my virus mail to a now
non-existent destination. And I ONLY use an ancient mail language called
ASCII, so I KNOW I've never been infected with this Windows virus)
However, the hosts are certainly irresponsible for allowing forged
virus spam to be flushed to the world.
Here is my morning's list of virus spewing hosts, with all the
duplicates eliminated.
012.net.il repeated requests, no sign of action
BHost.bilei2.bilei.co.jp variety of hosts in japan, no sign of action
KPNQwest.pt new one this morning, will see what happens
MH-Hannover.DE can't remember if this is new today or not
altitudetelecom.fr repeated requests, no sign of action
btfusion.com repeated requests, no sign of action
charter.net repeated requests, no sign of action
davisson.uni2.net can't remember if this is new today or not
hetnet.nl repeated requests, no sign of action
iprimus.net.au repeated requests, no sign of action
japan.japanfood.com.au variety of hosts in japan, no sign of action
optusnet.com.au repeated requests, no sign of action
rhenium.btinternet.com repeated requests, no sign of action
richardson.uni2.net can't remember if this is new today or not
rio.gov.pl repeated requests, no sign of action
rr.com repeated requests, no sign of action
singnet.com.sg dozens of requests, no sign of action
teikal.gr repeated requests, no sign of action
telenet.net.au repeated requests, no sign of action
telepac.pt repeated requests, no sign of action
tin.it ha ha ha ha... expecting tin.it to act!
and it is still early.
In a few minutes I'll drop each of these into the report tool
and ask them to:
STOP spewing virus to the world
Find your virus spewing customers and STOP them
Then fix your mailer so you refuse to pass this virus spam
Thank you
(virus binary has been cut out of this message)
I'll send this, and the de-fanged complete original message and headers
off to the abuse address for each host. On a good day I'm getting as
many as three or four host admins who realize this is a problem and
track down the real person responsible for spewing this to the world
and cut them off or clean them up.
For example, tm.net.my found and stopped their spew and thanked me.
That almost made me faint. prserv (the old spam toilet now owned by
AT&T) pulled the plug on theirs and told me; I had to have a party
for that one. Earthlink appears to have actually acted, haven't seen
spew from them in a day or two. Videotron.ca, spam toilet for western
Canada, was so pissed off at my repeated requests that they stop this
that they dropped me into a blocklist, but the spew from them may have
stopped. Btconnect didn't send me a dozen today, even netvigator might
have fixed their problem.
It seems that what we are left with are the hosts that aren't going
to do anything to stop spewing this to the world unless they get an
overwhelming show of support.
If you would like to help then I suggest that everyone:
sign up with abuse.net or some other reporting aid to make it easier for you,
strip the big binary virus out of the email you send to the abuse address
at each of these hosts, that way you can't be blamed for spewing the same
virus AND we can have lots more 10kbyte complaints not fill up the inbox
than we do with 160kbyte complaints,
be brief, blunt and polite, asking them to track this down and stop it.
Maybe if enough of us do this we can get back to the usual chaos.
Thank you all for helping combat fraud and spam on the net.
(email address IS valid, been "dont" on the net since BEFORE there was spam)
and this posting should let me harvest a few hundred more of these
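
The defanging step suggested in the reply above (strip the binary, keep the original message text and headers for the abuse desk), as an added Python example that is not part of the original posts. The function names, the report subject, the sample message and its `example.invalid` addresses are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for the worm binary (harmless bytes, not real malware).
SAMPLE_ATTACHMENT = b"\x00constructed-bytes" * 4096

def build_sample() -> bytes:
    """Constructed infected-looking mail: short text plus a large attachment."""
    m = EmailMessage()
    m["Received"] = "from host.example.invalid ([192.0.2.10]) by mx.example.invalid"
    m["From"] = "forged-sender@example.invalid"
    m["To"] = "victim@example.invalid"
    m["Subject"] = "Security update"
    m.set_content("Install the attached patch.")
    m.add_attachment(SAMPLE_ATTACHMENT, maintype="application",
                     subtype="octet-stream", filename="patch.exe")
    return m.as_bytes()

def defang(raw: bytes):
    """Return (report_bytes, removed): headers and plain text kept, rest cut."""
    original = message_from_bytes(raw, policy=policy.default)
    # The full original headers are what the host's abuse desk needs for tracing.
    lines = [f"{k}: {v}" for k, v in original.items()] + [""]
    removed = []
    for part in original.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if part.get_content_type() == "text/plain" and part.get_filename() is None:
            lines.append(data.decode("utf-8", "replace").rstrip())
        else:
            # Anything else (executables, HTML, archives) is replaced by a note
            # carrying enough metadata to identify it without shipping it.
            info = {"filename": part.get_filename(), "type": part.get_content_type(),
                    "size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
            removed.append(info)
            lines.append("[removed {type} {filename!r}, {size} bytes, "
                         "sha256 {sha256}]".format(**info))
    report = EmailMessage()
    report["Subject"] = "Virus mail relayed through your host (binary removed)"
    report.set_content("\n".join(lines))
    return report.as_bytes(), removed

if __name__ == "__main__":
    raw = build_sample()
    report, removed = defang(raw)
    print(len(raw), "->", len(report), "bytes;", removed)
```

The recorded SHA-256 lets the receiving admin match the complaint against their own samples without the attachment ever being re-sent.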