Must be a new virus in the wild again. I've received more than 8600 Virus mails during the past twelve hours. The number that really disturbs me is that more than 8000 of them are bounces created by less than 10 different mail servers - bounces that contain the virus itself as payload.

I vaguely recall Chuqui posting the worst offenders in his blog in the past, but I doubt it would help too much.

Hmm, just realized that some of the bouncers listed here previously didn't identify the virus but complained about non-existant users, so bouncing the full mail was acceptable - if still dumb. I've removed the list for now.

path: /en/malware/viruses | #

I've been quite surprised when I received the first spam mail that got my name correct in the subject line sometime last months, but now I've started to get virus mails with an attachment named Imagine how many people will be convinced the document is for/about them. Scary.

path: /en/malware/viruses | #

I've noticed some effects of the virus attacks of the past months on the way I usually deal with email:

path: /en/malware/viruses | #

I wouldn't be surprised if it is going to spread extremely fast in Germany

From: Subject: RTL: DSDS Deutschland Sucht Den Superstar (DSDS) auf RTL. Hallo, Du wurdest zufällig von ca. 85.000 E-Mail Adressen ausgewählt, um bei RTL DSDS in der Zuschauer Jury mit zu Voten. ...

RTL is one of Germany's largest television companies (leading in market share during the last months). DSDS is "Deutschland sucht den Superstar", the German version of "Star Search", which has been the most successful TV show in the last year (don't ask why). And the email tells me I could become part of an online jury. Oh, and it contains a Windows executable with the extension .bat.

path: /en/malware/viruses | #

Similar to Brian I'm writing this so I have a place I can link to when people assume I'd be sending virus mails to them. Go and read Brian's article for the longer version of

Almost all recent worms and viruses fake the from address. If you receive a worm sent from any of my addresses, you can be absolutely sure that I haven't sent it.

Due to server-side filtering (big kudos to the people responsible for the mail infrastructure) I'm getting far less Mydoom worms now. I still keep getting bounces, which certainly is annoying. Being the moderator for a couple of mailing lists doesn't help either.

I've noticed that those viruses are causing problems to statistical spam detectors, mails without a virus get a higher probability of being ham now. So far I've been filtering out all mails with "bad" attachments (I don't have any use for .exe or .scr files) before ifile sees them, but I cannot remove all "zip" attachments.

path: /en/malware/viruses | #