Monday, August 04, 2008

What you can do if you keep getting infected emails from the one computer on the Internet.

Of late I have been receiving the same "You've received A Hallmark E-Card!" from the one computer on the Internet. It is very probable the person with the computer does not know their computer is infected and sending out the emails. So what can you do in this situation?

First you need to make sure the email is coming from the same person. The Hallmark E-Card has been coming to us from multiple computers, but I suspect most people in time realise they have an infection and fix the problem. Some people don't know for some time. This can lead to the ISP stopping their service until the problem is fixed.

How do you know the email is coming from the one computer and not many computers?

In my case I use OzEfilter and often I see the IP address of the computer that sent the email. In this case the IP address was 124.149.195.100.

The first thing to do is to check it is coming from Australia. Australian ISPs, I've found, are responsive. I use the following tool to find out the country of the IP address.
http://www.justlocal.com.au/clients/ip2country/index.php?address=124.149.195.100
(Just change the address at the end for the IP address sending you emails.)

Now that you have checked the IP address is from Australia, you have to find out who owns the IP address.

For IP addresses from Australia we can use the site http://www.apnic.net/. If you enter the IP address in the search at the top right of the page, you will get information as to who currently owns the IP address. In this case the IP address is owned by Westnet and so it is one of their clients who has the infected computer.

Since you can't contact the person directly, the only way I know is to log an abuse issue with the ISP who currently owns the IP address. The abuse email address is found in the page on the APNIC site. You also need to send the header information from the email so the ISP has sufficient information to take action.
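The check described above (are the emails really coming from the one computer?) can also be done from saved email headers. The following is an added example, not part of the original post: it reads only the Received line written by your own mail server, because anything below that line can be forged by the sender. The hostname mx.example.net, the sample headers and the addresses 203.0.113.7 and 192.0.2.55 are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

TRUSTED_MX = "mx.example.net"  # assumption: your own receiving mail server
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sample(ip, forged_hop=""):
    """Constructed headers for one e-card message (not real mail)."""
    return (
        f"Received: from unknown ([{ip}])\n"
        f"\tby {TRUSTED_MX} with SMTP; Mon, 4 Aug 2008 09:00:00 +1000\n"
        f"{forged_hop}"
        "Subject: You've received A Hallmark E-Card!\n\nbody\n"
    )

# A hop the sender wrote itself; our server did not record it, so it proves nothing.
FORGED = ("Received: from mail.example.org ([192.0.2.55]) "
          "by relay.example.org; Mon, 4 Aug 2008 08:59:00 +1000\n")

SAMPLES = [
    sample("124.149.195.100"),
    sample("203.0.113.7"),
    sample("124.149.195.100", FORGED),
]

def sending_ip(raw, trusted_mx=TRUSTED_MX):
    """Return the IP our own server recorded for this message, or None."""
    for hop in message_from_string(raw).get_all("Received", []):
        hop = " ".join(hop.split())        # unfold continuation lines
        if f" by {trusted_mx} " not in hop:
            continue                       # not written by our server: untrusted
        for text in BRACKETED_IP.findall(hop.split(" by ")[0]):
            try:
                return str(ipaddress.ip_address(text))
            except ValueError:
                continue                   # e.g. [999.1.1.1] is not an address
    return None

def repeat_senders(raws, min_count=2):
    """Map each IP seen at least min_count times to its message count."""
    counts = Counter(ip for ip in map(sending_ip, raws) if ip)
    return {ip: n for ip, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    print(repeat_senders(SAMPLES))
```

An address that shows up repeatedly here is the one to look up and report, with the full unmodified headers of each message attached to the abuse report.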

Usually this type of action is not required, as most people realise fairly quickly when their computer has an infection. If you keep getting emails for a number of days, then it makes sense to do something, as the person is not aware they have an issue.

It should be noted that we are not certain whether the attachment which comes with the email is harmful or not. We have checked the attachment with multiple sources and cannot find it contains malware. It is not detected as malware by our anti-virus software. In any case it is best to be careful and simply delete the email permanently off your computer.

- Kelvin
