At first glance, the Returned Mail message appears to have come from a legitimate source… in this case, the people paying the bills for Email Battles: comco-inc.com. But the poor formatting should alert the reader to a potential problem:

From: Mail Administrator [mailto:MAILER-DAEMON@comco-inc.com]

Subject: Returned mail: Data format error

Dear user of comco-inc.com, mail system administrator of comco-inc.com would like to let you know that,

Your e-mail account has been used to send a large amount of unsolicited commercial e-mail messages during this week. Most likely your computer was compromised and now contains a trojaned proxy server.

We recommend that you follow our instruction in the attached file in order to keep your computer safe.

Virtually yours,
comco-inc.com support team.

A review of the message header says the message is from comco-inc.com, but a traceroute of the IP address, 201.244.240.26, returns corporativos244240-26.etb.net.co:

Return-Path: MAILER-DAEMON@comco-inc.com

Received: from unknown (HELO comco-inc.com) (201.244.240.26)
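The header check described above, written out as an added example (not code from Email Battles): it parses a constructed message built from the two header lines quoted here, looks up the connecting IP in a stand-in PTR table (a real deployment would call the resolver), and flags the mismatch between the HELO name comco-inc.com and the reverse DNS name under etb.net.co. It also flags a point the post's evidence supports but does not spell out: a genuine bounce is sent with the null reverse-path, so a "Returned mail" message carrying a real Return-Path is suspect on its own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample built from the header lines quoted in the post (not the full original message).
SAMPLE_MESSAGE = """Return-Path: MAILER-DAEMON@comco-inc.com
Received: from unknown (HELO comco-inc.com) (201.244.240.26)
From: Mail Administrator <MAILER-DAEMON@comco-inc.com>
Subject: Returned mail: Data format error

Dear user of comco-inc.com ...
"""

# Constructed stand-in for reverse DNS so the example runs offline. In production
# replace with socket.gethostbyaddr(ip)[0] (or a resolver library) wrapped in try/except.
PTR_TABLE = {"201.244.240.26": "corporativos244240-26.etb.net.co"}

# Matches the qmail-style Received line in the post: "from <rdns> (HELO <name>) (<ip>)".
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)


def registered_domain(host: str) -> str:
    """Reduce a hostname to its registrable domain. Crude heuristic: a two-letter
    ccTLD preceded by a generic label (etb.net.co) keeps three labels; otherwise two."""
    parts = host.lower().rstrip(".").split(".")
    if len(parts) >= 3 and len(parts[-1]) == 2 and parts[-2] in {"com", "net", "org", "co", "edu", "gov"}:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])


def analyse_bounce(raw: str, ptr_lookup=PTR_TABLE.get) -> dict:
    """Return the connecting IP, claimed HELO, reverse DNS name and a list of findings."""
    msg = message_from_string(raw)
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    findings = []
    # A genuine delivery-status notification is sent with the null reverse-path (<>),
    # so a "bounce" that carries a real Return-Path is already suspect.
    if return_path:
        findings.append(f"bounce carries non-null Return-Path {return_path}")
    m = RECEIVED_RE.search(msg.get("Received", ""))
    if not m:
        findings.append("Received header not in the expected form")
        return {"findings": findings, "suspicious": True}
    helo, ip, rdns = m["helo"].lower(), m["ip"], m["rdns"]
    ptr = ptr_lookup(ip)
    if rdns == "unknown":
        findings.append("receiving MTA logged the client as 'unknown'")
    if ptr is None:
        findings.append(f"no PTR record for {ip}")
    elif registered_domain(ptr) != registered_domain(helo):
        findings.append(f"HELO {helo} does not match reverse DNS {ptr} ({registered_domain(ptr)})")
    return {"ip": ip, "helo": helo, "ptr": ptr, "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    for line in analyse_bounce(SAMPLE_MESSAGE)["findings"]:
        print("-", line)
```

The domain reduction is deliberately simple; a filter that has to handle arbitrary ccTLD layouts should use a public-suffix list rather than the label count used here.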

Adding insult to injury, if you click on the attachment to see your message… and you aren’t properly protected by a virus-disabling spam filter… you’ll unleash MyDoom.M.

You’ve already figured out that MyDoom.M uses IP spoofing when it spams fake messages that look like various SMTP errors. It also opens a backdoor on TCP port 1034, then scans for other open 1034 ports and saves the list for later retrieval. If you fall for this old chestnut, F-Secure has a free removal tool.

In addition, if office politics allow, set your network content filter to disable or mangle attachments… especially those with any of these extensions: bat, cmd, com, exe, pif or scr.

Set Your Spam Filter To Kill Phishers
[trimMail Inbox Dangerous Content Screenshot]

Disable dangerous scripts and HTML content, including embedded links. By cleaning messages before they hit your mail servers and end-users, you can relegate downstream spam filtering logic to lighter-weight fine tuning. Instead of the heavy duty processing required for checking each message for spam and viruses, local filters can simply sort mail that has already been identified as dangerous into the proper folders.
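The two filtering steps above (mangling attachments with the listed extensions, and disabling HTML, scripts and embedded links before mail reaches the users) as one added example, not the trimMail product's code or any code from the post. It builds a constructed message shaped like the fake bounce, with a plain-text body, an HTML alternative containing a script and a link, and a stand-in .scr attachment, then rewrites it in place: the attachment payload is replaced by a notice and renamed so it cannot be double-clicked, and the HTML part is turned into plain text with link targets shown as inert text.

```python
from __future__ import annotations

import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import PurePosixPath

# Extensions the post singles out for disabling or mangling.
DANGEROUS_EXTENSIONS = {"bat", "cmd", "com", "exe", "pif", "scr"}


def build_sample() -> bytes:
    """Constructed message modelled on the fake bounce in the post: plain text,
    an HTML alternative with a script and a link, and an .scr attachment."""
    msg = EmailMessage()
    msg["From"] = "Mail Administrator <MAILER-DAEMON@comco-inc.com>"
    msg["To"] = "user@comco-inc.com"
    msg["Subject"] = "Returned mail: Data format error"
    msg.set_content("We recommend that you follow our instruction in the attached file.")
    msg.add_alternative(
        '<html><body><script>alert(1)</script>'
        '<p>Follow <a href="http://example.invalid/instruction">this link</a>.</p></body></html>',
        subtype="html",
    )
    # Constructed bytes standing in for a Windows screensaver executable (not a real binary).
    msg.add_attachment(b"MZ\x90\x00constructed-stand-in", maintype="application",
                       subtype="octet-stream", filename="instruction.scr")
    return msg.as_bytes()


def extension_of(filename: str) -> str:
    return PurePosixPath(filename).suffix.lstrip(".").lower()


def html_to_text(html: str) -> str:
    """Drop scripts and tags; show link targets as inert text instead of clickable anchors."""
    html = re.sub(r"(?is)<script.*?</script>", "", html)
    html = re.sub(r'(?is)<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', r"\2 [link removed: \1]", html)
    return re.sub(r"(?s)<[^>]+>", "", html).strip()


def threats(msg: EmailMessage) -> list[str]:
    """What a downstream filter would still have to deal with."""
    found = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and extension_of(name) in DANGEROUS_EXTENSIONS:
            found.append(f"attachment {name}")
        if part.get_content_type() == "text/html":
            found.append("html body")
    return found


def sanitize(raw: bytes) -> tuple[EmailMessage, list[str]]:
    """Rewrite dangerous parts in place and report what was done."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    actions = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and extension_of(name) in DANGEROUS_EXTENSIONS:
            # Mangle: replace the payload with a notice and rename so nothing executable arrives.
            part.set_content(f"Attachment {name} was removed by the content filter.",
                             filename=f"{name}.blocked.txt")
            actions.append(f"mangled {name}")
        elif part.get_content_type() == "text/html":
            part.set_content(html_to_text(part.get_content()))
            actions.append("converted html part to plain text")
    return msg, actions


if __name__ == "__main__":
    clean, done = sanitize(build_sample())
    print(done, threats(clean))
```

Rewriting in place keeps the message structure intact, so users still see that something was attached and why it is gone, which is the behaviour the post's "disable or mangle" advice calls for; a filter that instead deletes parts silently tends to generate help-desk tickets.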

More importantly, you free up that downstream power and bandwidth for more important things, like downloading Desperate Housewives, or playing Second Life, or juggling mobile and IM traffic.

In case you were wondering, the domain etb.net.co belongs to Empresa de Telecomunicaciones de Bogota, a major full-service telecommunications company, based in… you guessed it… Bogota, Colombia.

Could have as easily come from Gmail… Hotmail… Yahoo… AOL…