Dear [My Name in UPPER CASE, very friendly]

We have reason to believe that a computer connected through your Rogers Cable Modem has been infected by virus. The amount of traffic and traffic patterns being generated are consistent with a Trojan Virus.

Typically, these types of viruses do not affect the performance of your computer and instead carry out attacks and malicious activities behind the scenes, without your knowledge. This type of network activity has the potential to negatively impact the overall service. For your reference, we have included a technical summary of the activity for your reference at the bottom of this e-mail message.

To protect your computer and to safeguard other customers on the Rogers Yahoo! Hi-Speed Internet network, we urge you to remove the virus as quickly as possible. This can usually be done by using an updated Anti-Virus program to scan all the computers connected to your cable modem and choosing to remove the viruses.

If you are unable to remove the virus within 48 hours, we will have to take additional steps to protect other customers and the Rogers Yahoo! Hi-Speed Internet network including temporary service deactivation. Should this occur, we can reactivate your connection once the virus has been removed by calling into our call center.

If the network activity below is not the result of a Virus, we ask that you reconfigure any programs or hardware which is generating the network activity detailed below to reduce the amount of traffic or redirect it to another DNS Server.

High volumes of requests causing Error or Canned (127.0.0.1) responses usually indicate a Worm, Virus, or Bot infection. These viruses will usually attempt to connect to a controlling server or attempt to perform a Denial of Service attack on a specific server on the Internet. Once the desintation is identified, the owner of the server may remove or change the DNS entry causing future Virus infected computers to fail resolving the name. this causes an error to be generated.
Sincerely,

EUA Management Team
Rogers Yahoo Hi-Speed Internet

IP Add, Errors, Queries
24.112.78.42, 120, 231

Date Time, Src, Query, Query type
2005-04-27 00:03:20.79363, 24.112.78.42, fresno.com., Internet Addr ?
2005-04-27 01:03:01.52843, 24.112.78.42, mail.mwh.com.brntfd.phub.net.cable.rogers.com., Internet Unknow
2005-04-27 01:03:13.94833, 24.112.78.42, 37.25.191.218.sbl.spamhaus.org., Internet Addr ?
2005-04-27 01:03:14.77028, 24.112.78.42, 169.223.234.203.in-addr.arpa., Internet PTR ?
2005-04-27 01:03:14.78227, 24.112.78.42, tm.net.my., Internet Addr ?
Date Time,Dst,Query,Response
2005-04-27 0:03:20.79446,24.112.78.42,fresno.com.,Internet Addr 129.8.57.70
2005-04-27 1:03:1.55726,24.112.78.42,Error:,3(Name Error)
2005-04-27 1:03:14.48904,24.112.78.42,Error:,3(Name Error)
2005-04-27 1:03:14.79525,24.112.78.42,tm.net.my.,Internet Addr 202.71.97.48
2005-04-27 1:03:20.9845,24.112.78.42,Error:,3(Name Error)

Thank You Rogers for identifying me as a virus carrier. Now, I shall rip it apart. The sample period of 231 requests with 120 failures is pretty short. If that triggers their "virus" warning system, it's pretty weak. The failures were generated by Anti-Spam methods (which check for domain existance and addressing) so, failures are a Good Thing™

So I replied. "This is as a result of anti-spam measures that use DNS to verify return addresses. But, since it's a problem for you, I have switched my DNS servers. Thanks!" Following that, their 'autoreply' form the abuse account got flagged as spam by their own (Yahoo!'s) system. Hahaha...

Kudos go to them for attempting to notify users. And I guess I'm lucky they didn't disconnect me. 48 hours is pretty a weak timeframe considering I don't use that email address for anything! The only reason I checked was because of my modem-upgrade notice. heh... Fun.

So, I guess now I can't use their DNS so that's yet another part of their service that I won't use leaving me with nothing but a connection.