Another cunning virus ploy

[ffutures]

Received this tonight (read in mailwasher, needless to say with great care)

Dear user of Ntlworld.com,

Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

For further details see the attach.

Best wishes,
The Ntlworld.com team http://www.ntlworld.com

Needless to say "the attach" is a .pif file called morinfo, presumably a virus payload of some sort. That or Ntlworld technical support are TRULY stupid, because there is no way I'm opening an attachment of that sort.

Here's the full header, for anyone who's interested or wants to take a crack at tracing the source. I've replaced the usual HTML brackets with curly brackets in what follows and deleted my address:

Return-Path: {czVrldGLqVJAFwia@00.d0.59.f5.d0.2a}
Received: from dispatch ([67.164.248.44]) by mta03-svc.ntlworld.com
(InterMail vM.4.01.03.37 201-229-121-137-20020806) with SMTP
id {20040304155443.YOMD22458.mta03-svc.ntlworld.com@dispatch}
for {xxxxxxxxxxxxxxxx@ntlworld.com};
Thu, 4 Mar 2004 15:54:43 +0000
Date: Thu, 04 Mar 2004 08:56:56 -0700
To: xxxxxxx@ntlworld.com
Subject: Warning about your e-mail account.
From: support@ntlworld.com
Message-ID: {etchsvwvojumewsoxpq@ntlworld.com}
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------tjbeqniifnaoportlvak"

----------tjbeqniifnaoportlvak
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Comments

[elementalv.livejournal.com]

I get surprisingly little of it, actually. During the MyDoom outbreak, I think I received the sum total of 4 messages, all of them directed at my Earthlink address. The worst problem I had was the Sobig (was that the big bad last year? can't remember) virus, when my Earthlink address was being spoofed, and I was receiving 30-40 messages per day, either with the new virus trying to come in or with organizational firewalls rejecting the messages that had spoofed my e-mail address.

What's frustrating to me is having to listen to coworkers come in the next day and complain about how they had to redo everything on their computer because of a virus. They don't necessarily keep up to date with the patches Microsoft puts out, which means they're part of the problem with the virus spreading.

[ffutures.livejournal.com]

The problem is I have to have contact details on my web site, and I post to newsgroups fairly often. As a result my address is on every spammer's list.