We Sail Tonight for Singapore

Today, it was four emails. Yesterday, six.

My personal/family domain name has been getting hit with malware emails.
And while I certainly know better, some of my family members do not.
Emails from accounts that don’t exist, such as mail@, administrator@, and service@mydomain have been sending “Account Notice”, etc. emails with zip files attached.
What is the payload in said zip files, I hear you ask?
Well, it’s none other than Worm.Mytob.CV.

And after a tiny bit of digging, I discovered that all the emails were coming from Singapore (.sg tld).
So after a little Googling, I found the IP <-> Country database at LUDOST.NET.

You enter in a country’s tld you want to block (or at least look up all their assigned IPs), and what app (if any) you want to plug it into, and it generates the scripts with all of the IP address blocks that country has.

So, I went ahead and created one for .sg for IPTables.
It also saves the state in case you have to reboot.
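
What such a generator does under the hood, as an added example (not LUDOST.NET's code or output): it validates a list of CIDR blocks, merges adjacent ones, and emits a dedicated chain in `iptables-restore` format. The chain name `COUNTRY_DROP`, the function names and the sample ranges are assumptions; the ranges are RFC 5737 documentation blocks, not real .sg allocations.

```python
import ipaddress

# Constructed sample input: RFC 5737 documentation ranges standing in for a
# country's allocations (not real Singapore blocks).
SAMPLE_BLOCKS = """\
# one CIDR per line, comments allowed
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
198.51.100.7/32
not-a-network
203.0.113.5/24
"""

def parse_blocks(text):
    """Return (collapsed IPv4 networks, rejected lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True refuses entries with host bits set (203.0.113.5/24),
            # which usually signal a typo in the source list.
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(line)
    # Merge adjacent and overlapping blocks so the chain stays short.
    return list(ipaddress.collapse_addresses(nets)), rejected

def render_ruleset(nets, chain="COUNTRY_DROP"):
    """Build iptables-restore input for a dedicated user-defined chain."""
    lines = ["*filter", f":{chain} - [0:0]"]
    lines += [f"-A {chain} -s {n} -j DROP" for n in nets]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    networks, bad = parse_blocks(SAMPLE_BLOCKS)
    print(render_ruleset(networks), end="")
    for entry in bad:
        print(f"# skipped invalid entry: {entry}")
```

Load the result with `iptables-restore --noflush` so the rest of the filter table is left alone, and hook the chain in with a single jump rule from INPUT.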

Give it a spin. It’s pretty cool.
IPTables script created. Packet Dropping with a Vengeance. France Surrenders.

And don’t worry, my dear readers from Japan and Germany. You are safe.
For now. ;)
