Viruses come from the primus-india.net network, yet their network is misconfigured, so any e-mails to their admins bounce as "Host unknown".

primus-india.net, primus-india.com [203.196.128.0 - 203.196.143.255]: Access denied!

=== Virus (autoforwarded to postmaster@primus-india.net and abuse@primus-india.com) ===

Received: from localhost.localdomain (ptil-66-136-del.primus-india.net [203.196.136.66] (may be forged))
        by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g41CoFs24160
        for ; Wed, 1 May 2002 15:50:16 +0300
Received: from Skfv ([172.16.4.72])
        by localhost.localdomain (8.11.0/8.11.0) with SMTP id g41Cl6631146
        for ; Wed, 1 May 2002 18:17:06 +0530
Date: Wed, 1 May 2002 18:17:06 +0530
Message-Id: <200205011247.g41Cl6631146@localhost.localdomain>
From: lbglikig
To: webmaster@dolphinwave.org
Subject: Sos!
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary=Filrlt0v459k98Wf0060A7B99KIa4Cb2cv0G8
Status: R
X-Status: N

[class.bat and REGISTER.HTM Klez virus attachments removed]

=== Bounce from their admin contacts ===

Received: from localhost (localhost)
        by mail.dolphinwave.org (8.11.6/8.11.6) id g41Cr0R24398;
        Wed, 1 May 2002 15:53:00 +0300
Date: Wed, 1 May 2002 15:53:00 +0300
From: Mail Delivery Subsystem
Message-Id: <200205011253.g41Cr0R24398@mail.dolphinwave.org>
To: dolphin@mail.dolphinwave.org
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="g41Cr0R24398.1020257580/mail.dolphinwave.org"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Loop: dev.null@dolphinwave.org
Status: R
X-Status: N

from dolphin@localhost

   ----- The following addresses had permanent fatal errors -----
postmaster@primus-india.net
abuse@primus-india.com
    (reason: 550 Host unknown)

   ----- Transcript of session follows -----
550 5.1.2 postmaster@primus-india.net... Host unknown (Name server: primus-india.net: no data known)
550 5.1.2 abuse@primus-india.com... Host unknown (Name server: primus-india.com: host not found)

---

Reporting-MTA: dns; mail.dolphinwave.org
Arrival-Date: Wed, 1 May 2002 15:52:44 +0300

Final-Recipient: RFC822; postmaster@primus-india.net
Action: failed
Status: 5.1.2
Remote-MTA: DNS; primus-india.net
Last-Attempt-Date: Wed, 1 May 2002 15:53:00 +0300

Final-Recipient: RFC822; abuse@primus-india.com
Action: failed
Status: 5.1.2
Remote-MTA: DNS; primus-india.com
Diagnostic-Code: SMTP; 550 Host unknown
Last-Attempt-Date: Wed, 1 May 2002 15:53:00 +0300

---

Return-Path:
Received: (from dolphin@localhost)
        by mail.dolphinwave.org (8.11.6/8.11.6) id g41CqiS24394;
        Wed, 1 May 2002 15:52:44 +0300
Received: from localhost.localdomain (ptil-66-136-del.primus-india.net [203.196.136.66] (may be forged))
        by mail.dolphinwave.org (8.11.6/8.11.6) with ESMTP id g41CoFs24160
        for ; Wed, 1 May 2002 15:50:16 +0300
Received: from Skfv ([172.16.4.72])
        by localhost.localdomain (8.11.0/8.11.0) with SMTP id g41Cl6631146
        for ; Wed, 1 May 2002 18:17:06 +0530
Date: Wed, 1 May 2002 18:17:06 +0530
Message-Id: <200205011247.g41Cl6631146@localhost.localdomain>
From: lbglikig
To: webmaster@dolphinwave.org
Old-Subject: Sos!
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary=Filrlt0v459k98Wf0060A7B99KIa4Cb2cv0G8
X-Loop: dev.null@dolphinwave.org
Subject: [AUTOBOUNCE] Klez virus from your customer! [Fwd: Sos!]

[class.bat and REGISTER.HTM Klez virus attachments removed]

=== APNIC data on their netblock ===

whois -h whois.apnic.net 203.196.136
[whois.apnic.net]
% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html
% (whois7.apnic.net)

inetnum:     203.196.128.0 - 203.196.143.255
netname:     DIL
descr:       DIRECT INTERNET LTD.
descr:       42 Dakshineshwar
descr:       10 Hailey Road
descr:       New Delhi - 110 001
country:     IN
admin-c:     YK161-AP
tech-c:      BC176-AP
mnt-by:      APNIC-HM
mnt-lower:   MAINT-IN-DIL
changed:     hostmater@apnic.net 20010719
changed:     hostmater@apnic.net 20010920
source:      APNIC

person:      Yashpal Kapoor
address:     42/10, Hailey Road,
address:     New Delhi - 110001
country:     IN
phone:       +91.11.373.7270
fax-no:      +91.11.373.7280
e-mail:      ykapoor@primus-india.com
nic-hdl:     YK161-AP
remarks:     FOR SPAM & SECURITY INCIDENTS,
remarks:     SEND EMAIL TO - abuse@primus-india.com
mnt-by:      MAINT-IN-DIL
changed:     bchhetri@primus-india.com 20020123
source:      APNIC

person:      Bishwo Chhetri
address:     274, Captain Gaur Marg,
address:     Sriniwaspuri, New Delhi
address:     110 065, India.
country:     IN
phone:       +91-11-632-2245
phone:       +91-11-631-9472
fax-no:      +91-11-692-4278
fax-no:      +91-11-631-8416
e-mail:      bchhetri@primus-india.com
nic-hdl:     BC176-AP
remarks:     FOR SPAM & SECURITY INCIDENTS,
remarks:     SEND EMAIL TO - abuse@primus-india.com
mnt-by:      MAINT-IN-DIL
changed:     bchhetri@primus-india.com 20020122
source:      APNIC