Very sus email unidentified but not O.K.

I'd be quite pleased and appreciative if somebody could take a look at this and help me sort out what exactly this is. I've pumped it and a few others through Jotti and they all come up clean.

I'm actually re-investigating this because we had to re-install a client's whole network for them to clean this up and never identified the responsible thing. Basically there were PCs all over the network emailing basically the same thing, apparently at random and of their own accord. Sometimes while they were in active use, sometimes whilst resting.

I captured a few of these emails by fitting a NAT SMTP proxy inline (transparent) to the network so all internet traffic had to pass through it. Anyhow, ASCII pasted below.

Obviously hotmail.com isn't at 10.0.0.2 - that's the first clue. Also all the emails claimed to be from the same sender. The To address was always either @hotpop.com or @bigfoot.com

Anybody come across anything like this before? (sorry if this post is a bit long)

Received: From hotmail.com (unverified [10.0.0.2]) by SMTP Server [10.0.0.138] (WinGate SMTP Receiver v5.2.2 (Build 892)) with SMTP id <0000000005@blackbox>; Thu, 25 Mar 2004 11:41:10 +1100
Message-ID: <firstname.lastname@example.org>
From: <email@example.com>
To: <firstname.lastname@example.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
File Type: image/bin
BNAMKPBJEGGFHOIKJMNCAADCDDEBIIILKNMOPPCBEDFDGGHMKMLOPMDCFBCIMIBIOOFOBB
LKKINGFPKLJHOFDAELAFHBFIKMLKBDHMPDKIBBBEIHGCOPGODHMHMPOPANMMBMBJBKPLJC
GCAELLLMMGOAOHMGOMHNHPKINDPNDGEPGBNMOELHIDIKLNKALNGPLIAHMELKOABCDCNFIC
------------Middle chunk removed to shorten post------------
IAAAFOJLPMHPCDJIGFGNKANKHJFJCBCFLIMLJJNLLDGBGAGCGDMBICABINDDGJJEJNHHDP
OIPHMBNBNDLGPOJIBECGEAPCKDCKEJEOFHBIIFIMFNBLKKEMNGNNCJFAIFCGNOECKPCAGL
MNAABNECJOCPDPDCMLAEDKOBJAOH
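The clues listed in the post (a public mail domain announced from an internal address, the two recipient domains, and a body made only of the letters A to P) can be turned into a triage check for messages captured at an SMTP proxy. This is an added example, not part of the original post; the function name, the 20-character line threshold, the treatment of the "File Type" line as body text and both sample messages are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_HELO = {"hotmail.com"}                 # HELO name seen in the post
WATCHED_RCPT = {"hotpop.com", "bigfoot.com"}  # recipient domains named in the post
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\([^\[]*\[([0-9.]+)\]\)", re.I)
A_TO_P_LINE = re.compile(r"[A-P]{20,}")       # payload lines in the post use only A-P

def triage(raw):
    """Return the indicators from the post that a captured message matches."""
    msg = email.message_from_string(raw)
    hits = []
    for hop in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hop)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:  # malformed address literal in the header
            continue
        if m.group(1).lower() in PUBLIC_HELO and any(ip in net for net in RFC1918):
            hits.append("public-helo-from-internal-ip")
    rcpt_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    if rcpt_domain in WATCHED_RCPT:
        hits.append("watched-recipient-domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    encoded = [l for l in body.splitlines() if A_TO_P_LINE.fullmatch(l.strip())]
    if len(encoded) >= 2:
        hits.append("a-to-p-only-body")
    return hits

# Constructed samples: header layout follows the post, payload is synthetic.
SUSPECT = (
    "Received: From hotmail.com (unverified [10.0.0.2]) by SMTP Server [10.0.0.138]"
    " with SMTP id <1@blackbox>; Thu, 25 Mar 2004 11:41:10 +1100\n"
    "From: <sender@example.com>\nTo: <user@hotpop.com>\n"
    "Content-Type: text/plain; charset=us-ascii\n\n"
    "File Type: image/bin\n" + ("ABCDEFGHIJKLMNOP" * 4 + "\n") * 3
)
BENIGN = (
    "Received: from mail.example.org (mail.example.org [198.51.100.7]) by mx.example.net;"
    " Thu, 25 Mar 2004 11:45:00 +1100\n"
    "From: <a@example.org>\nTo: <b@example.net>\n\nHello, see you Thursday.\n"
)

if __name__ == "__main__":
    print(triage(SUSPECT), triage(BENIGN))
```

Run against every message the proxy captures, the per-message hit lists give the internal source addresses to examine first.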