
Why Malware Continues To Spread (Shame On You, BellSouth!)

I received an email today telling me that I could go to a certain URL and view a greeting card. From the start, I knew that it was malware.

Why do I say this? Because the target URL gave an IP address that belongs to a block managed by Bell South. This appears to be a block reserved for use by customers using DSL — not the place where you’d usually suspect a web server to be hosted. And the email originated from an IP address that is not registered in any WhoIs database.

From my experience, it smelled like malware.
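The two checks above (where the link actually points, and where the message entered the mail system) can be scripted as a first-pass triage. The following is an added example, not the author's own tooling: it parses a constructed sample email (all addresses are from the RFC 5737 documentation ranges), pulls the host out of every link in the body and the IP out of the earliest Received header, and consults a small constructed allocation table that stands in for the WHOIS lookup the post did by hand. The owners and the "residential" flag in that table are assumptions for illustration, not BellSouth's real netblocks.

```python
import ipaddress
import re
from email import message_from_string
from email.message import Message

# Constructed sample, not the email the post describes. All addresses come from the
# RFC 5737 documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
SAMPLE_EMAIL = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net with ESMTP id ABC123; Wed, 1 Aug 2007 10:00:00 -0400
Received: from [198.51.100.77] (unknown [198.51.100.77])
\tby mail.example.org with SMTP; Wed, 1 Aug 2007 09:59:58 -0400
From: "Greeting Cards" <cards@example.com>
To: tom@example.net
Subject: You have received a greeting card

A friend has sent you a greeting card. View it at
http://203.0.113.45/card/
"""

# Stand-in for a WHOIS lookup so the script runs offline. Owners and the
# "residential" flag are constructed; they are not any real ISP's allocations.
ALLOCATIONS = [
    (ipaddress.ip_network("192.0.2.0/24"), {"owner": "Example Mail Hosting", "residential": False}),
    (ipaddress.ip_network("203.0.113.0/24"), {"owner": "Example DSL Pool", "residential": True}),
]

URL_HOST_RE = re.compile(r"https?://([^/\s:?#]+)")
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def lookup(ip):
    """Return the allocation record covering ip, or None if no block lists it."""
    for network, record in ALLOCATIONS:
        if ip in network:
            return record
    return None


def text_body(msg: Message) -> str:
    """Concatenate the text/plain parts (a single-part message is its own part)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def link_hosts(msg: Message) -> list:
    """Host component of every http(s) URL in the body, in order of appearance."""
    return URL_HOST_RE.findall(text_body(msg))


def originating_relay(msg: Message):
    """IP from the bottom-most Received header: the earliest hop a receiving
    server recorded, i.e. where the message entered the mail system."""
    for header in reversed(msg.get_all("Received") or []):
        match = BRACKET_IP_RE.search(header)
        if match:
            return match.group(1)
    return None


def triage(raw_email: str) -> dict:
    """Apply the post's two heuristics: where do the links point, and who sent it."""
    msg = message_from_string(raw_email)
    findings = []

    hosts = link_hosts(msg)
    for host in hosts:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname; resolving it needs the network, so it is skipped here
        findings.append(f"link uses a bare IP address instead of a hostname: {ip}")
        record = lookup(ip)
        if record is None:
            findings.append(f"{ip} is not covered by any allocation record")
        elif record["residential"]:
            findings.append(f"{ip} sits in a residential/DSL pool ({record['owner']}), "
                            "an unusual place for a web server")

    relay = originating_relay(msg)
    if relay is not None and lookup(ipaddress.ip_address(relay)) is None:
        findings.append(f"originating relay {relay} has no allocation record")

    return {
        "link_hosts": hosts,
        "originating_relay": relay,
        "findings": findings,
        "suspicious": len(findings) >= 2,
    }


if __name__ == "__main__":
    for line in triage(SAMPLE_EMAIL)["findings"]:
        print("-", line)
```

On the sample message this reports three findings (bare-IP link, link into the constructed DSL pool, originating relay with no allocation record) and marks it suspicious; swapping the link for a hostname drops it to the single relay finding, which alone does not trip the two-finding threshold. In real use the allocation table would be replaced by an actual WHOIS query and the hostname branch would resolve the name before checking it.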

So I dutifully found the abuse address for BellSouth and forwarded them the entire email (with headers), along with my reasons for suspecting that the destination IP was serving up malware, hit the “Send” button…

And almost immediately got the following reply:

The following message to was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 551-’StormWorm@MXLM infected’

Huh? What the heck is THAT supposed to mean? My computer isn’t infected; is yours, Bell South?

So it looks like the abuse address at Bell South doesn’t accept email. That’s really helpful — and it’s stuff like this that allows the bad guys to continue to trash your computer, steal your identity, and empty your bank account as they max out your credit cards.

I know who WON’T be my Internet Service Provider when I return to the States…

Incidentally, I also went to their website and clicked on the “Contact Us” link; you need a BellSouth.net email address to contact them… After all this, why would I ever want one?

And if somebody from BellSouth reads this post SOON, please post a comment or a trackback, telling me where I can report the details of this incident and I’ll be more than glad to work with you.

Thanks for listening,
Tom

One Comment

  1. Lucky7Star wrote:

    Hi Tom,
    I do not think it has much to do with BellSouth as some might like for you to think… Actually it's ATT or someone who used to work for ATT. I've traced this problem from Korea, and spam from Germany. The common link is people concerned with security issues and for me personally it's the TSA… You heard right, I'm not making this up. In fact I've got some addresses that are in the Herndon, VA 20171 zip code that are fairly Fairfax and interesting of note, just in case those in DC ever get their act together… I can say with certain conviction they would be better off scrapping this entire sordid affair and stop trying to terrorize people with pimento cheese sandwiches.

    Just my two cents… You may keep the change;)

    Thursday, August 2, 2007 at 1:33 am
