Have I got a zombie mailer?

 
 
Al Reeve
Guest
Posts: n/a

 
      03-02-2007, 09:21 PM
Hi all,
I've suddenly got this sort of thing appearing in my router log.

2007-03-02 19:16:39 - UDP Packet - Source:221.209.110.50,47100 Destination:86.129.215.57,1026 - [DOS]
Fri, 2007-03-02 19:16:39 - UDP Packet - Source:221.209.110.50,47100 Destination:86.129.215.57,1027 - [DOS]
Fri, 2007-03-02 19:16:39 - UDP Packet - Source:124.8.165.2,31118 Destination:86.129.215.57,1026 - [DOS]
Fri, 2007-03-02 19:16:39 - unexpected reply: 535 authorization failed (#5.7.0)
Fri, 2007-03-02 20:06:08 - UDP Packet - Source:60.12.166.197,59565 Destination:86.129.215.57,1027 - [DOS]
Fri, 2007-03-02 20:06:08 - unexpected reply: 535 authorization failed (#5.7.0)
Fri, 2007-03-02 20:22:33 - UDP Packet - Source:221.208.208.93,39338 Destination:86.129.215.57,1026 - [DOS]
Fri, 2007-03-02 20:22:34 - UDP Packet - Source:221.208.208.93,39338 Destination:86.129.215.57,1027 - [DOS]
Fri, 2007-03-02 20:22:34 - unexpected reply: 535 authorization failed (#5.7.0)
Fri, 2007-03-02 20:38:53 - UDP Packet - Source:221.208.208.90,37300 Destination:86.129.215.57,1026 - [DOS]

This has come up in the last couple of days, and before I changed my e-mail
password the failure messages were "e-mail sent success!"

I've also got a big increase in pseudo (I hope) returned emails from all
over the place, but of a very similar message. Are they fakes, or am I actually
forwarding messages out everywhere? (To a lot more than my contacts, none of
whom have complained yet.)

The delivery addresses of the bounced returns look a bit random at times,
but others could be real.

A full scan with antivirus, Spybot, Ad-Aware, etc. hasn't shown up anything on
this machine, but to be honest I don't really know what to be looking for.

Can anyone help?

Alan
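The log above mixes two different kinds of entry: packet-filter hits (remote hosts sending UDP to the poster's WAN address) and SMTP replies (a mail server rejecting a login with 535). The following parser is an added example, not code from the original thread; it reads a constructed sample in the same format, checks whether any packet entry has the WAN address as its *source* (which would indicate outbound traffic), and counts the 535 replies separately, since those come from whatever login the router itself makes to send its log by e-mail. The WAN address 86.129.215.57 is taken from the log; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format of the router log quoted above, with each
# entry on a single line (the post wraps them at the "Destination:" field).
SAMPLE_LOG = """\
Fri, 2007-03-02 19:16:39 - UDP Packet - Source:221.209.110.50,47100 Destination:86.129.215.57,1026 - [DOS]
Fri, 2007-03-02 19:16:39 - UDP Packet - Source:221.209.110.50,47100 Destination:86.129.215.57,1027 - [DOS]
Fri, 2007-03-02 19:16:39 - UDP Packet - Source:124.8.165.2,31118 Destination:86.129.215.57,1026 - [DOS]
Fri, 2007-03-02 19:16:39 - unexpected reply: 535 authorization failed (#5.7.0)
Fri, 2007-03-02 20:06:08 - UDP Packet - Source:60.12.166.197,59565 Destination:86.129.215.57,1027 - [DOS]
Fri, 2007-03-02 20:06:08 - unexpected reply: 535 authorization failed (#5.7.0)
"""

# Day-of-week prefix is optional: the first line of the posted log lacks it.
TS = r"(?P<ts>(?:\w{3}, )?\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
PACKET_RE = re.compile(
    TS + r" - (?P<proto>\w+) Packet - Source:(?P<src>[\d.]+),(?P<sport>\d+)\s+"
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<tag>[^\]]+)\]$"
)
SMTP_RE = re.compile(TS + r" - unexpected reply: (?P<code>\d{3}) (?P<msg>.+)$")


def parse_router_log(text):
    """Split the log into packet-filter entries and SMTP reply entries."""
    packets, smtp = [], []
    for line in text.splitlines():
        if m := PACKET_RE.match(line):
            packets.append(m.groupdict())
        elif m := SMTP_RE.match(line):
            smtp.append(m.groupdict())
    return packets, smtp


def summarize(text, wan_ip):
    """Classify packet entries by direction relative to the router's WAN
    address and count SMTP 535 (authentication failed) replies."""
    packets, smtp = parse_router_log(text)
    inbound = [p for p in packets if p["dst"] == wan_ip]
    outbound = [p for p in packets if p["src"] == wan_ip]
    return {
        "inbound": len(inbound),
        "outbound": len(outbound),
        # Which remote hosts are knocking, and on which local ports.
        "by_src": Counter(p["src"] for p in inbound),
        "by_dport": Counter(int(p["dport"]) for p in inbound),
        # 535 is a server rejecting an SMTP login; in this log that is most
        # likely the router's own log-mailing login with the stored password.
        "smtp_auth_failures": sum(1 for s in smtp if s["code"] == "535"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG, wan_ip="86.129.215.57").items():
        print(f"{key}: {value}")
```

On the sample every packet entry is inbound and blocked; an infected machine relaying mail would instead show up as outbound connections from the LAN, which is what a host firewall (as suggested in the reply below) would reveal.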

Tx2
Guest
Posts: n/a

 
      03-02-2007, 09:56 PM
In article <(E-Mail Removed)>, Al Reeve
of (E-Mail Removed), felt we'd be interested in the following...


> 86.129.215.57


86.129.215.57 resolved to
host86-129-215-57.range86-129.btcentralplus.com

221.209.110.50 doesn't resolve on any lookup I've used, except one which
guessed it as being based in China.

====================================================

IP Address : 221.209.110.50 [ 221.209.110.50 ]
ISP : CNCGROUP Heilongjiang province network
Organization : CNCGROUP Heilongjiang province network
Location : CN CN, China
City : Mudanjiang, 08 -
Latitude : 44°58'33" North
Longitude : 129°60'00" East


% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 221.209.110.0 - 221.209.110.255
netname: MDJ-INTERNET-DIVISION
descr: Mudanjiang Internet Division
country: CN
admin-c: BG63-AP
tech-c: BG63-AP
changed: (E-Mail Removed) 20051025
mnt-by: MAINT-CNCGROUP-HL
status: ASSIGNED NON-PORTABLE
source: APNIC

route: 221.208.0.0/14
descr: CNC Group CHINA169 Heilongjiang Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: (E-Mail Removed) 20060118
source: APNIC

person: Binghui Gao
nic-hdl: BG63-AP
e-mail: (E-Mail Removed)
address: Communication Corporation Internet Enterprise Division of
HLJ
phone: +86-451-2804465
fax-no: +86-451-2804442
country: CN
changed: (E-Mail Removed) 20030221
mnt-by: MAINT-CNCGROUP-HL
source: APNIC

====================================================


I'd lock stuff down until someone else can come along and offer better
advice, as an IP in China seems a bit iffy to me.

Install a personal firewall (Comodo is free) or delete all rules in an
existing one. See what's trying to get out.


--
My reply address is invalid.
Please post replies to the group.
Messages posted via Google Groups are set to 'auto-ignore'
XPS M1710 / 2.16 GHz dual core / 2Gb DDR2 / nVidia GeForce 7950GTX