e-mail virus...question...help

Started by JeffD, September 05, 2003, 04:42:39 AM

JeffD

Ok, I got a bunch of return mail yesterday saying "possible virus found" etc., and they were all ~100k. I am thinking that someone just used my e-mail addy as the return address and just sent out a bunch of crap. Can anyone look up this IP or point me to some software that can search out where this IP is?

67.83.80.45  <- it was included in all the e-mails as

Return-path: <electrovwAThotmail.com>
Received: from [67.83.80.45] (helo=GMC-GAIL)
   by caesar.solidwebhosting.com with esmtp (Exim 4.20)
   id 19uoo3-0005So-QT
   for info@milazzoindustries.com; Thu, 04 Sep 2003 03:45:28 -0400
From: <electrovwAThotmail.com>

Note: I changed the at symbol to AT.

Any help appreciated.
Thanks.
The world does revolve around us, we pick the coordinate system. -engineers

ginovega

Scan your computer. Windows has all the patches for the worm, Welchia, SoBigE and the rest for download. Also get virus protection software like Norton or McAfee and a good firewall. Here at work we have all that, but it is government stuff so I can't share it. Been dealing with that all last month.

Gino
Freedom is not free, always remember those who fought and gave their lives for it!!!!
La libertad no es gratis, siempre recuerda aquellos que pelearon y dieron sus vidas para defenderla!!!!!!

zoltan

Do you have a hotmail account?

It's probably nothing to worry about. On an infected computer the virus will send out an email to someone in the address book and make it appear that it came from someone else in the address book. Usually all that message means is that you and the person it was sent to are both in the address book on an infected computer somewhere.

Casimir

It's more than likely Sobig.f. It falsifies the sender, so you get the bounce message. Scan your computer to be sure, but our company has gotten in the thousands of these in the past weeks and our virus defs are kept up to date daily.

Here is the write-up.

It pulled your email address from someone's computer, probably their web cache.  Which means they have visited your site or this board.  :o
'01 GS500 - Progressive springs, Kat 600 shock, Fenderectomy, Factory Pro jet kit

ladybrid

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Try this, they have all sorts of other things too. I got one of those a while ago and it infected everyone in my addy book.
*why bother stereotyping?  There are plenty of reasons to dislike folks on an individual basis.*

Casimir

Quote from: JeffD

can anyone look up this IP or point me to some software that can search out where this IP is?

67.83.80.45  <- it was included in all the e-mails as

I used http://www.dnsstuff.com. Looks like it's a dynamic address from a cable ISP. Hard to track down precisely, but it looks like they're in the New York / New Jersey area based on router names in a traceroute.

Country: UNITED STATES

NOTE: More information appears to be available at Cablevision Systems.

Optimum Online (Cablevision Systems) NETBLK-OOL-4BLK (NET-67-80-0-0-1)
                                 67.80.0.0 - 67.87.255.255
Optimum Online (Cablevision Systems) OOL-6BPRNYNJ4-0821 (NET-67-83-80-0-1)
                                 67.83.80.0 - 67.83.87.255

# ARIN WHOIS database, last updated 2003-09-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
'01 GS500 - Progressive springs, Kat 600 shock, Fenderectomy, Factory Pro jet kit
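
Added example (not part of any poster's message): a Python sketch that reads the bounce headers quoted in the first post, separates the fields the sending machine supplied (Return-path, From, HELO name) from the peer IP recorded by the receiving server, and checks that IP against the ARIN ranges quoted above. The function names are hypothetical, and it assumes caesar.solidwebhosting.com is the recipient's own mail server, so its Received line can be trusted.

```python
import ipaddress
import re

# Headers as quoted in the first post (the poster replaced "@" with "AT").
BOUNCE_HEADERS = """\
Return-path: <electrovwAThotmail.com>
Received: from [67.83.80.45] (helo=GMC-GAIL)
   by caesar.solidwebhosting.com with esmtp (Exim 4.20)
   id 19uoo3-0005So-QT
   for info@milazzoindustries.com; Thu, 04 Sep 2003 03:45:28 -0400
From: <electrovwAThotmail.com>
"""

# Start/end addresses from the ARIN WHOIS output quoted in the thread.
WHOIS_RANGES = {
    "NET-67-80-0-0-1": ("67.80.0.0", "67.87.255.255"),
    "NET-67-83-80-0-1": ("67.83.80.0", "67.83.87.255"),
}

def unfold(raw):  # join folded continuation lines onto their header
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line)
    return headers

def classify(raw):
    """Split fields into sender-supplied (forgeable) and server-recorded."""
    out = {"claimed": {}, "recorded": {}}
    for header in unfold(raw):
        name, _, value = header.partition(":")
        if name.lower() in ("return-path", "from"):
            out["claimed"][name.lower()] = value.strip().strip("<>")
        elif name.lower() == "received":
            m = re.search(r"from \[([0-9.]+)\] \(helo=([^)]+)\) by (\S+)", value)
            if m:
                out["claimed"]["helo"] = m.group(2)   # name the client announced
                out["recorded"] = {"peer_ip": m.group(1), "by": m.group(3)}
    return out

def netblocks_for(ip):
    """Return {handle: CIDR} for each quoted WHOIS range that contains ip."""
    addr, hits = ipaddress.ip_address(ip), {}
    for handle, (lo, hi) in WHOIS_RANGES.items():
        nets = ipaddress.summarize_address_range(*map(ipaddress.ip_address, (lo, hi)))
        hits.update({handle: str(n) for n in nets if addr in n})
    return hits
```

Only the values under `recorded` were written by the receiving server; everything under `claimed` was chosen by the sending machine, which is why a bounce can reach an address that never sent the message.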

JeffD

Hmm.. don't know anyone in the northeastern area unless John (admin) got hit. Thanks Casimir
The world does revolve around us, we pick the coordinate system. -engineers

powrful1

My fiancée got a similar email that said she sent out an email with the virus from an account to another person... problem was the one that sent her this message was a bogus account on aol... so don't believe everything you get in the email inbox.

I would make sure you are up to date on virus defs, firewall, and windows patches!
Cheers! :cheers:

Casimir

It looks pretty tight on New Jersey (ubr103-ge1-0-0.cmts.jcsnnj.cv.net.).

My money is on Jersey City (jc) New Jersey (nj). Since the icon at the bottom of every message you post links to your email address, anyone visiting the board could be a suspect. "lloydbanks" or "spotswood_suzuki" perhaps.
'01 GS500 - Progressive springs, Kat 600 shock, Fenderectomy, Factory Pro jet kit
