Machines coughing

> * 1. Nov 27 * new_account@turtle (1047) Your mail password
> * 2. Nov 27 * webmaster@email.co (1047) Faulty_mail delivery
> * 3. Nov 27 * webmaster@hotmail. (1059) invalid mail <SMTP:8650>
> * 4. Nov 27 * Error_Mail@wimborn (1051) Mail delivery_failed <6580>
> * 5. Nov 27 * smooth_criminal_00 (1039) Details
> * 6. Nov 27 * hostmaster@hotmail (1043) Confirmation
> * 7. Nov 27 * shaikin_fati@hotma (1041) Oh God it's
> * 8. Nov 27 * Auto-Mailer@valves (1053) Re: Faulty_mail delivery <Esmtp:5394>
> * 9. Nov 27 * nasimaqsa@hotmail. (1030) Details
> * 10. Nov 27 * Error_Mail@winzyra (1052) Re: Mail delivery_failed
> * 11. Nov 27 * info@mailcity.com (1043) Mail Error <SMTP:3234>
> * 12. Nov 27 * new_account@talk21 (1045) Re: Registration confirmation
> * 13. Nov 27 * Error_Mail@barking (1049) FwD: illegal signs in your mail
> * 14. Nov 27 * notifications@grou (1034) Oh God it's
> * 15. Nov 27 * info@hotmail.com (1051) Re: Mail delivery_failed <7339>
> * 16. Nov 27 * user_info@xtzyra.c (1046) Your Password <KEY:4924>
> * 17. Nov 27 * info@hotmail.com (1053) Faulty_mail delivery
> * 18. Nov 27 * lubsss@hotmail.com (1034) FwD: Details

Yup. Spam.

Well, more like viral spam, as it's the same box, over and over, trying to deliver a virus. The IP (Internet Protocol) address it's coming from is 82.38.57.25, which belongs to blueyonder [1], an ISP (Internet Service Provider) based out of Surrey, England [2].

While I could ban the IP, that would only stop perhaps 40% of it, as most of it is coming in via the backup email host for my domain and I don't have access to block IP addresses there. I did a lookup on the IP address (which is how I found out who owns it) and got this:

Table: Contact info for 82.38.57.25 (emphasis added)
inetnum:	82.38.0.0 - 82.38.255.255
netname:	TELEWEST-HSD_1-BRADFORD
descr:	Telewest HSD Platform
country:	GB
admin-c:	TWIP3-RIPE
tech-c:	TWIP1-RIPE
status:	ASSIGNED PA
mnt-by:	AS5462-MNT
mnt-lower:	AS5462-MNT
mnt-routes:	AS5462-MNT
notify:	ripe@telewest.net
notify:	capacity@telewest.co.uk
remarks:	report abuse to abuse@blueyonder.co.uk [3]
remarks:	All reports via other channels will be ignored.
changed:	ripe-admin@blueyonder.co.uk 20030313
source:	RIPE

As you can see, all abuse issues need to be mailed to abuse@blueyonder.co.uk [4], which I did:

> **From:** Sean Conner <sean@conman.org>
> **Subject:** Infected machine trying to infect my machine
> **To:** abuse@blueyonder.co.uk [5]
> **Date:** Thu, 25 Nov 2004 14:52:55 -0500 (EST)
>
> To whom it may concern:
>
> A machine with the IP address of 82.38.57.25 is continuously sending me infected files, 12 alone today, and about 20 yesterday (when I first noticed). I'm not concerned terribly much about getting infected (since I run Linux, not Windows) but it is clogging up my email, and no telling how many other systems it's trying to infect. Please deal with this as soon as possible.
>
> Thank you.
>
> Sean Conner.
>
> [email sent to me attached]

And as you can see, that was two days ago.

And they're still coming in.

So much for reporting abuse issues.

Today, I went to their broadband support page [6], and put in a trouble ticket. Maybe then they'll take a look into this.
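The lookup-and-report step described above, as an added Python example that is not part of the original post: it checks that the offending address really falls inside the record's inetnum range and pulls the abuse contact out of the record itself instead of guessing one. The record text is a constructed copy of the RIPE output quoted above, trimmed to the attributes used; the abuse-mailbox attribute is assumed from the RIPE schema and does not appear in this particular record.

```python
import ipaddress
import re

# Constructed sample: the RIPE record for 82.38.57.25 as quoted in the post,
# trimmed to the attributes the parser needs.
RIPE_RECORD = """\
inetnum:        82.38.0.0 - 82.38.255.255
netname:        TELEWEST-HSD_1-BRADFORD
descr:          Telewest HSD Platform
country:        GB
status:         ASSIGNED PA
notify:         ripe@telewest.net
remarks:        report abuse to abuse@blueyonder.co.uk
remarks:        All reports via other channels will be ignored.
source:         RIPE
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_ripe(text):
    """Parse 'key: value' lines into a dict of key -> list of values.
    Repeated keys (remarks, notify) are normal, so every key maps to a list."""
    record = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):  # blank line or RIPE comment
            continue
        key, _, value = line.partition(":")
        record.setdefault(key.strip(), []).append(value.strip())
    return record


def covers(record, ip):
    """True if ip lies inside the record's inetnum range (first - last)."""
    lo, hi = (ipaddress.ip_address(p.strip()) for p in record["inetnum"][0].split("-"))
    return lo <= ipaddress.ip_address(ip) <= hi


def abuse_contacts(record):
    """Abuse addresses: the dedicated abuse-mailbox attribute when present
    (assumed from the RIPE schema; absent in the record above), then any address
    mentioned in a 'remarks' line that talks about abuse."""
    found = list(record.get("abuse-mailbox", []))
    for line in record.get("remarks", []):
        if "abuse" in line.lower():
            found.extend(EMAIL_RE.findall(line))
    return list(dict.fromkeys(found))  # de-duplicate, keep order


if __name__ == "__main__":
    rec = parse_ripe(RIPE_RECORD)
    print(covers(rec, "82.38.57.25"), abuse_contacts(rec))
```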

Update on Tuesday, November 30th, 2004

Still going on … [7]

Update on Wednesday, December 8th, 2004

Some more updates … [8]

[1] http://www.blueyonder.co.uk/

[2] http://www.surrey-online.co.uk/

[3] mailto:abuse@blueyonder.co.uk

[4] mailto:abuse@blueyonder.co.uk

[5] mailto:abuse@blueyonder.co.uk

[6] http://www.blueyonder.co.uk/blueyonder/getContent.jspx?page=h_services_bybb

[7] /boston/2004/11/30.1

[8] /boston/2004/12/08.2
