If you read my last post, you will see that we discovered and also banned petrpon... And yes, the bans were all permanent... The pests seem to have been using proxies, so there is no way to deal with their ISPs...
We have also neutered the PMs that were not already opened by the time we worked out the code to neuter them... As cnm says, do not assume that a PM from someone claiming to be a SWI staff member is real unless they have the rank to support it... Even then, I would check that PM with a member of leadership before clicking on it... If it seems to be from me, ask cnm before you open it -- and so on...
Instead if deleting the post, and when folks log in to check the message, can you retype the message to state it was a scam, or redirect searches for antivirus777 to a warning page.
I'm sure this is going to get worse before it gets better.
address headers from my scam email:
Authentication-Results: mta572.mail.mud.yahoo.com from=spywareinfo.com; domainkeys=neutral (no sig)
Received: from 220.127.116.11 (EHLO www25.yourdnshost.com) (18.104.22.168) by mta572.mail.mud.yahoo.com with SMTP; Sun, 24 Aug 2008 18:46:09 -0700
Received: from apache by www25.yourdnshost.com with local (Exim 4.67) (envelope-from <firstname.lastname@example.org>) id 1KW8t1-00082y-RT for email@example.com; Thu, 21 Aug 2008 08:03:31 -0400
Subject: You have a new personal message ( SWI Forums )
Date: Thu, 21 Aug 2008 08:03:31 -0400
"SWI Forums" <firstname.lastname@example.org>
Content-type: text/plain; charset="iso-8859-1"
Edited by burgessms, 25 August 2008 - 02:04 PM.