Olympus-OM

[OM] Re: someone has a virus

Subject: [OM] Re: someone has a virus
From: Joe Gwinn <joegwinn@xxxxxxxxxxx>
Date: Sun, 11 Apr 2004 11:56:05 -0400
At 3:32 AM +0200 4/11/04, Listar wrote:
>From: "Ian Manners" <om@xxxxxxxxxxxxx>
>Date: Sat, 10 Apr 2004 23:55:31 +1000 (EST)
>Subject: [OM] Re: someone has a virus
>
>
>Hi Wayne
>
> > Someone on this list has the Win32/Netsky.D worm virus.
>
>If you can show us the headers, either on, or off list and we can
>narrow it down to at least the ISP for you.
>
>Not sure how you get the headers in your email client :-
>QUALCOMM Windows Eudora Version 6.0.1.1
>but I'm sure it would be easier than an Outlook user....

It's the "Blah Blah" button to the left of the Subject edit box, at the top of 
the window.


Used Whois <http://www.arin.net/whois/index.html> to figure out who owns 
address 209.27.62.94.  The result follows:

Cable & Wireless, Inc. NET-CWI-NET (NET-209-27-0-0-2)
                                         209.27.0.0 - 209.27.255.255
       Cable & Wireless Americas Operations, Inc. CW-NET-209-27-60 (NET-209-27-60-0-2)
                                         209.27.60.0 - 209.27.63.255
       Truman Bodden and Co. (Attorneys at Law) CW-209-27-62-88 (NET-209-27-62-88-1)
                                         209.27.62.88 - 209.27.62.95

       # ARIN WHOIS database, last updated 2004-04-10 19:15

It appears to be Cable & Wireless Americas Operations, which is an ISP.  Truman 
Bodden & Co probably do regulatory work for Cable & Wireless.

The relevant info (click on the NET-209-27-60-0-2 link) is:


Search results for: ! NET-209-27-60-0-2 

       OrgName:    Cable & Wireless Americas Operations, Inc.
       OrgID:      CWAO
       Address:    230 Park Avenue
       Address:    Suite 1000
       City:       New York
       StateProv:  NY
       PostalCode: 10169
       Country:    US

       NetRange:   209.27.60.0 - 209.27.63.255
       CIDR:       209.27.60.0/22
       NetName:    CW-NET-209-27-60
       NetHandle:  NET-209-27-60-0-2
       Parent:     NET-209-27-0-0-2
       NetType:    Reallocated
       NameServer: NS.CW.NET
       NameServer: NS2.CW.NET
       NameServer: NS3.CW.NET
       NameServer: NS4.CW.NET
       NameServer: NS5.CW.NET
       Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
       RegDate:    1997-01-27
       Updated:    2004-02-24

       TechHandle: IA3-ORG-ARIN
       TechName:   Cable and Wireless US
       TechPhone:  +1-800-977-4662
       TechEmail:  ip@xxxxxxxxxx

       OrgTechHandle: TCR3-ARIN
       OrgTechName:   Cremer, Tobias
       OrgTechPhone:  +49 89 92699
       OrgTechEmail:  tcremer@xxxxxxxxx

       OrgTechHandle: SMO31-ARIN
       OrgTechName:   Morhoff, Sandra
       OrgTechPhone:  +49 89 92699 0
       OrgTechEmail:  smorhoff@xxxxxxxxx


Somebody with a comcast.net address claimed to be the source of the 
virus-infected emails.  This is unlikely, as the comcast address ranges do not 
overlap those of Cable & Wireless.

Anyway, an email to one of the tech addresses above should allow the identity 
of the infected machine to be found.

Joe Macs-don't-have-this-problem Gwinn
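
The range lookup described in this message, as an added example that is not part of the original post: it parses the three summary lines from the quoted ARIN output and lists every allocation that contains a given address, widest block first. The function names and the 192.0.2.10 documentation address are assumptions made for the example.

```python
import ipaddress
import re

# Summary lines copied from the ARIN WHOIS output quoted in the message above.
WHOIS_SUMMARY = """\
Cable & Wireless, Inc. NET-CWI-NET (NET-209-27-0-0-2) 209.27.0.0 - 209.27.255.255
Cable & Wireless Americas Operations, Inc. CW-NET-209-27-60 (NET-209-27-60-0-2) 209.27.60.0 - 209.27.63.255
Truman Bodden and Co. (Attorneys at Law) CW-209-27-62-88 (NET-209-27-62-88-1) 209.27.62.88 - 209.27.62.95
"""

# Layout of one summary line: org name, net name, (net handle), first - last
LINE_RE = re.compile(
    r"^(?P<org>.+?)\s+(?P<netname>\S+)\s+\((?P<handle>NET-[\d-]+)\)\s+"
    r"(?P<first>\d+\.\d+\.\d+\.\d+)\s+-\s+(?P<last>\d+\.\d+\.\d+\.\d+)$"
)


def parse_allocations(text):
    """Return a list of (network, org, handle) parsed from WHOIS summary lines."""
    allocations = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a summary line
        first = ipaddress.ip_address(m["first"])
        last = ipaddress.ip_address(m["last"])
        # A first-last range need not be one CIDR block, so summarize it.
        for net in ipaddress.summarize_address_range(first, last):
            allocations.append((net, m["org"], m["handle"]))
    return allocations


def delegation_chain(ip, allocations):
    """Allocations containing ip, ordered from widest block to most specific."""
    addr = ipaddress.ip_address(ip)
    hits = [a for a in allocations if addr in a[0]]
    return sorted(hits, key=lambda a: a[0].prefixlen)


if __name__ == "__main__":
    allocs = parse_allocations(WHOIS_SUMMARY)
    for net, org, handle in delegation_chain("209.27.62.94", allocs):
        print(f"{str(net):18} {handle:20} {org}")
    # 192.0.2.10 is a documentation address, a constructed case outside all blocks.
    print(delegation_chain("192.0.2.10", allocs))
```
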

