getting hundreds of w32 yaha virus' all from same address! help!

Forum Moderators: phranque

Message Too Old, No Replies

getting hundreds of w32 yaha virus' all from same address! help!

w32 yaha virus email that all comes from same address

sweetorr

1:09 am on Apr 26, 2003 (gmt 0)

Our sales email box is getting inundated by emails with the w32 yaha virus all from the same address. Is there a way to tell where the 'true' source of the email is in the header? We're getting one every 2-3 minutes all day and night. the domain in the header is a cable provider. I temporarily shrunk the size of the inbox to 35k to bounce them but this will block any emails from customers with photo attachments.....

g1smd

6:36 pm on Apr 26, 2003 (gmt 0)

Contact the ISP, and get them to look into it. They may be able to kill it at source.

sweetorr

7:03 pm on Apr 27, 2003 (gmt 0)

man, this was frustrating. The ISP is a national cable provider. They only have one security person,ONE! he didn't check his email for more than a day. They couldn't call him except from a senior managment level. the national help desk had to page a manager then she had to conference with me then call him then she called me back and said "problem solved" to get to this point took about three hours of calls to different divisions told the circumstances to about 10 people.... meanwhile I go and check my mail...MORE emails. I started calling individuals with the origins name in the general area of the ISP division where he was located-his address has a prefix that varies by area. luckily the virus didn't spoof the address. he was an elderly man new computer ...no idea about firewalls etc..he had a cheap antivirus program they gave him that must have been a year old. He turned off his computer it stopped.
The ISP was incredibly ill prepared for this. criminally in my opinion, I'm not talking about a tiny company these guys are owned by what i think is the largest media company in the world.