From: "Rich Gauszka" 

Uh Oh - are you a close personal friend of Osama bin Laden?

"Gary Britt"  wrote in message
news:455e2b73{at}w3.nls.net...
> Its some pakistani spoofing the nls.net domain as the return address:
>
> The messages are received from 203.101.174.122 and the info on this ip
> address I get is:
>
> C:\Utility > whosip 203.101.174.122
>
> WHOIS Source: APNIC
> IP Address:   203.101.174.122
> Country:      Pakistan
> Network Name: CYBERNET
> Owner Name:   CYBER INTERNET SERVICES (PVT.) LTD.
> From IP:      203.101.160.0
> To IP:        203.101.191.255
> Allocated:    Yes
> Contact Name: ANSARUL HAQ
> Address:      A-904, 9TH FLOOR LAKSON SQUARE BUILDING#3, SARWAR SHAHEED
> ROAD, KARACH
> I-74200 PAKISTAN
> Email:        eng{at}cyber.net.pk
> Abuse Email:
> Phone:        +092-021-568-1752
> Fax:          +092-021-568-2711
>
> Gary
>
> Rich Gauszka wrote:
>> Yeah - a accidentally replied to all on one of the messages I got from an
>> ex-coworker and obviously hit some infected machines. My spams on another
>> email account have dramatically increased.
>>
>>
>> "Gary Britt"  wrote in message
>> news:455e1890$1{at}w3.nls.net...
>>> ;), I didn't think that was one of *his* sheep!!!
>>>
>>> I've gotten 6 more since the last update.  I'm setting up a virus filter
>>> at my mail server to block nls.net messages for the time being.
>>>
>>> Avast is definitely showing it was worth the price I paid for it today!
>>>
>>> Maybe some spammer is spoofing the nls.net part of the address?
>>>
>>> Funny though that these all come from georger{at}nls.net.  Amazing what the
>>> bot computers can pickup and figure out.
>>>
>>> Gary
>>>
>>> Rich Gauszka wrote:
>>>> I'm not getting anything. You didn't mess with any of
Geo's sheep did
>>>> you? 
>>>>
>>>>
>>>> "Gary Britt" 
wrote in message
>>>> news:455e0c42$1{at}w3.nls.net...
>>>>> I've gotten 6 more since 1:00 PM ET.  I hope some bot/worm isn't
>>>>> spamming all of nls.net with this worm.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Gary
>>>>>
>>>>> Gary Britt wrote:
>>>>>> Hey George,
>>>>>>
>>>>>> Are you testing my thunderbird email program for exploits??
>>>>>>
>>>>>> This morning I received 21 email messages all from
Georger{at}nls.net
>>>>>> and all infected with various photos containing
the Win32:VB-CD2
>>>>>> [Wrm].
>>>>>>
>>>>>> Avast zapped them all as they came in, but I had
to sit there and
>>>>>> click delete twice for each one of them so Avast
could clean the
>>>>>> infected photos from the emails.
>>>>>>
>>>>>> Here is a sample of what Avast was reporting:
>>>>>>
>>>>>> Incoming email 'Fw: Funny :)' From:
"georger" , To:
>>>>>> \Video_part.mim#1999582787
>>>>>>
>>>>>> Incoming email 'Re: ' From: "georger"
, To: >>>>> AT g e n c o g . c o m>\Attachments001.BHX#3477615820
>>>>>>
>>>>>> Incoming email 'Re: ' From: "georger"
, To: >>>>> AT g e n c o g . c o m>\Attachments[001].B64#483803162
>>>>>>
>>>>>> Incoming email 'Fw: ' From: "georger"
, To: >>>>> AT g e n c o g . c o m>\Video_part.mim#1999582787
>>>>>>
>>>>>> Incoming email 'Fwd: image.jpg' From:
"georger" ,
>>>>>> To: \Attachments001.BHX#3477615820
>>>>>>
>>>>>> Incoming email 'Fw: ' From: "georger"
, To: >>>>> AT g e n c o g . c o m>\Attachments00.HQX#1805444652
>>>>>>
>>>>>> Incoming email 'Fw: Sexy' From:
"georger" , To: >>>>> b AT g e n c o g . c o m>\Attachments001.BHX#3477615820
>>>>>>
>>>>>> Incoming email 'Re: ' From: "georger"
, To: >>>>> AT g e n c o g . c o m>\Attachments00.HQX#1805444652
>>>>>>
>>>>>> Incoming email 'Fw: SeX.mpg' From:
"georger" , To:
>>>>>> \SeX.mim#3194668624
>>>>>>
>>>>>> Incoming email 'Fw: ' From: "georger"
, To: >>>>> AT g e n c o g . c o m>\Attachments001.BHX#3477615820
>>>>>>
>>>>>> Incoming email 'Fwd: Crazy illegal Sex!' From:
"georger"
>>>>>> , To: >>>>> m>\Sex.mim#2779844178
>>>>>>
>>>>>> Gary
>>

--- BBBS/NT v4.01 Flag-5