Hi Folks, I've browsed a bit on one of the subject lines from our current spate of spam (similar to what we were getting around Feb - September 2005).
This turned up a worm virus known by various names, such as I-Worm.Nyxem.b, Win32:Nyxem, Win32.Blackmal.B, I-Worm.Win32.MyWife.79409, Worm/Nyxem.B, Win32/[EMAIL PROTECTED] A full description can be found at http://www.trendmicro.com/vinfo/virusencyclo/ default5.asp?VName=WORM_BLUEWORM.E [equivalently at http://tinyurl.com/2baq3s if you prefer] which indicates that it apparently dates from June 2004. I'm still puzzled by our own experience of it. For some reason, the most frequent "sender" is myself, with a few (in the past) "from" Werner or, once or twice, "from" Joergen Haegg. Also, the groff list is the only one (of many lists I am on) which receives it. For what it's worth, the latest stream originates from IP addresses owned by Awalnet in Saudi Arabia, e.g. whois 86.60.115.64 inetnum: 86.60.112.0 - 86.60.123.255 netname: Awal_Jawal_Pro descr: Awalnet Jawal Proj country: SA which is different from previous streams, e.g. Feb-Sep 2005: whois 194.2.232.250 inetnum: 194.2.232.0 - 194.2.232.255 netname: FR-ISEP descr: Institut Superieur d'Electronique de Paris So, despite the variations in apparent source, the limitation (in our experience) to the groff list, and to a few "senders" seems to be invariant! Anyway, let's hope that Werner's action, based on Nick's excellent analysis. will do the trick! Best wishes to all, Ted. -------------------------------------------------------------------- E-Mail: (Ted Harding) <[EMAIL PROTECTED]> Fax-to-email: +44 (0)870 094 0861 Date: 27-Jan-07 Time: 10:31:15 ------------------------------ XFMail ------------------------------