CryptoWall Virus E-mail from |

A new variant of CryptoLocker, called CryptoWall, is making the rounds in Canada and the United states. The infected file often originates from an e-mail attachment with a .zip extension and often appears to be a fax, resume, or invoice.

Once clicked on the user may see a pop-up or error message with no apparent negative consequences. However, after several hours or days it will begin encrypting word docs, excel, pdf, database files, and other files on the computer.

Train staff to never ever open .zip files or other attachments that they were not otherwise expecting to receive.

Here is the e-mail header of a recent example

Received: from ([])
Received: from dolph by with local (Exim 4.82)
(envelope-from )
id 1YZVMv-0003Fm-Kj
Subject: Resume Jess West
X-PHP-Script: for
Mime-Version: 1.0
Date: Sat, 21 Mar 2015 21:12:01 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Originator/Caller UID/GID - [32386 500] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-BWhitelist: no
X-Exim-ID: 1YZVMv-0003Fm-Kj
X-Source: /opt/php52/bin/php-cgi
X-Source-Args: /opt/php52/bin/php-cgi /home4/dolph/public_html/
X-Source-Auth: dolph
X-Email-Count: 331
X-Source-Cap: ZG9scGg7ZG9scGg7Z2F0b3IzMzA1Lmhvc3RnYXRvci5jb20=

Recent Visitors to this Spammer's Page

Below you will find a list of recent visitors to this page, it will often include people that have been targeted by this particular spammer or scammer or perhaps the criminal himself. We filter (hide) IP addresses of criminal investigators and police organizations that use this database.

Hostname Timestamp 02/17/2019 - 22:27
E-mail Spammers


Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Fill in the blank