From: Gary Britt 

Its some pakistani spoofing the nls.net domain as the return address:

The messages are received from 203.101.174.122 and the info on this ip
address I get is:

C:\Utility > whosip 203.101.174.122

WHOIS Source: APNIC
IP Address:   203.101.174.122
Country:      Pakistan
Network Name: CYBERNET
Owner Name:   CYBER INTERNET SERVICES (PVT.) LTD.
 From IP:      203.101.160.0
To IP:        203.101.191.255
Allocated:    Yes
Contact Name: ANSARUL HAQ
Address:      A-904, 9TH FLOOR LAKSON SQUARE BUILDING#3, SARWAR SHAHEED
ROAD, KARACH
I-74200 PAKISTAN
Email:        eng{at}cyber.net.pk
Abuse Email:
Phone:        +092-021-568-1752
Fax:          +092-021-568-2711

Gary

Rich Gauszka wrote:
> Yeah - a accidentally replied to all on one of the messages I got from an
> ex-coworker and obviously hit some infected machines. My spams on another
> email account have dramatically increased.
>
>
> "Gary Britt"  wrote in message
> news:455e1890$1{at}w3.nls.net...
>> ;), I didn't think that was one of *his* sheep!!!
>>
>> I've gotten 6 more since the last update.  I'm setting up a virus filter
>> at my mail server to block nls.net messages for the time being.
>>
>> Avast is definitely showing it was worth the price I paid for it today!
>>
>> Maybe some spammer is spoofing the nls.net part of the address?
>>
>> Funny though that these all come from georger{at}nls.net.  Amazing what the
>> bot computers can pickup and figure out.
>>
>> Gary
>>
>> Rich Gauszka wrote:
>>> I'm not getting anything. You didn't mess with any of Geo's sheep did
>>> you? 
>>>
>>>
>>> "Gary Britt" 
wrote in message
>>> news:455e0c42$1{at}w3.nls.net...
>>>> I've gotten 6 more since 1:00 PM ET.  I hope some bot/worm isn't
>>>> spamming all of nls.net with this worm.
>>>>
>>>> Thanks,
>>>>
>>>> Gary
>>>>
>>>> Gary Britt wrote:
>>>>> Hey George,
>>>>>
>>>>> Are you testing my thunderbird email program for exploits??
>>>>>
>>>>> This morning I received 21 email messages all from
Georger{at}nls.net and
>>>>> all infected with various photos containing the
Win32:VB-CD2 [Wrm].
>>>>>
>>>>> Avast zapped them all as they came in, but I had to
sit there and click
>>>>> delete twice for each one of them so Avast could clean
the infected
>>>>> photos from the emails.
>>>>>
>>>>> Here is a sample of what Avast was reporting:
>>>>>
>>>>> Incoming email 'Fw: Funny :)' From:
"georger" , To: >>>> l b AT g e n c o g . c o m>\Video_part.mim#1999582787
>>>>>
>>>>> Incoming email 'Re: ' From: "georger"
, To: >>>> g e n c o g . c o m>\Attachments001.BHX#3477615820
>>>>>
>>>>> Incoming email 'Re: ' From: "georger"
, To: >>>> g e n c o g . c o m>\Attachments[001].B64#483803162
>>>>>
>>>>> Incoming email 'Fw: ' From: "georger"
, To: >>>> g e n c o g . c o m>\Video_part.mim#1999582787
>>>>>
>>>>> Incoming email 'Fwd: image.jpg' From:
"georger" , To:
>>>>> \Attachments001.BHX#3477615820
>>>>>
>>>>> Incoming email 'Fw: ' From: "georger"
, To: >>>> g e n c o g . c o m>\Attachments00.HQX#1805444652
>>>>>
>>>>> Incoming email 'Fw: Sexy' From: "georger"
, To: >>>> AT g e n c o g . c o m>\Attachments001.BHX#3477615820
>>>>>
>>>>> Incoming email 'Re: ' From: "georger"
, To: >>>> g e n c o g . c o m>\Attachments00.HQX#1805444652
>>>>>
>>>>> Incoming email 'Fw: SeX.mpg' From: "georger"
, To: >>>> l b AT g e n c o g . c o m>\SeX.mim#3194668624
>>>>>
>>>>> Incoming email 'Fw: ' From: "georger"
, To: >>>> g e n c o g . c o m>\Attachments001.BHX#3477615820
>>>>>
>>>>> Incoming email 'Fwd: Crazy illegal Sex!' From:
"georger"
>>>>> , To: >>>> m>\Sex.mim#2779844178
>>>>>
>>>>> Gary
>

--- BBBS/NT v4.01 Flag-5