tracking scammers by IP number - OT

Barry Margolin barmar at alum.mit.edu
Fri Dec 29 00:36:38 UTC 2006


In article <en0sqb$s3f$1 at sf1.isc.org>,
 "Jeff Lightner" <jlightner at water.com> wrote:

> My bad.  I guess I assumed the user had logged into their Yahoo mail
> account and sent it and it was this I was speaking of - Oddly enough I
> can't hit port 25 on the server that said it received it with SMTP.
>  
> 
> The originating address is from hsd1.md.comcast.net.  Comcast is a U.S.
> Cable Television company that also does broadband over cable.  Is this
> always a Comcast address you're seeing?  (doing reverse lookup on the
> IPs would tell you).  If so it might be to the point to contact Comcast
> and let them know you suspect there is fraudulent activity there.  

My guess is that it's a PC that has been infected with malware that 
turns it into a zombie, and the scammer controls these zombie PCs 
remotely to send their email.  So finding the owner of this PC is not 
likely to help you find the bad guy; you'll just find someone who hasn't 
secured his PC very well.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***



More information about the bind-users mailing list