Help Me Track This E-Mail So&So

Normal headers of an email:
Date: Fri, 14 Feb 2003 9:04:00 +0100
From: <big@boss.com>
To: <xxxx@xxxxx.com> {My domain’s email web based email address.}
Subject: Re: Here is that sample

My web host is text based so it only showed the option to download the file “Untitled1.pif”. I’ve looked at it with a hex editor. Only see an error message and a call to kernel32.dll. The only other ASCII I see is “RICH” and “PE”.
Filename:Untitled1.pif
Type: application/octet-stream
Encoding: base64

All headers of the email:
Return-Path: <big@boss.com>
Delivered-To: xxxxx.com-xxxxx@xxxxx.com {My email address}
Received: (qmail 9437 invoked from network); 14 Feb 2003 08:04:15 -0000
Received: from m1.netfirms.com (HELO m5.netfirms.com) (66.48.76.114)
by m0.netfirms.com with SMTP; 14 Feb 2003 08:04:15 -0000
Received: (qmail 2305 invoked from network); 14 Feb 2003 08:04:09 -0000
Received: from node-c-5da1.a2000.nl (HELO T-0E909EFUDR5I7) (62.194.93.161)
by m5.netfirms.com with SMTP; 14 Feb 2003 08:04:09 -0000
From: <big@boss.com>
To: <xxxxx@xxxxx.com>
Subject: Re: Here is that sample
Date: Fri, 14 Feb 2003 9:04:00 +0100
Importance: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MSMail-Priority: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="CSmtpMsgPart123X456_000_0AF374A1"

I went to ww2.hunter.com and searched for 62.194.93.161 and got this:
161.93.194.62.in-addr.arpa PTR node-c-5da1.a2000.nl

Did Google for a2000.nl and found UPC Nederland at www.a2000.nl . Couldn’t find a Dutch to English web translator so I wrote an email to abuse@a2000.nl. I’m guessing here that UPC Nederland is an ISP and the email originated from one of its dial-up customers.

Was my research correct? Is this enough? What else can I do?
Any suggestions for dissecting this program? How would I find out if it goes to IRC to report keystrokes or passwords? If it goes to IRC what can I do besides lurking in that room for the program author?

That looks like a dialup ISP.

I’m confused, why are you tracking down spam from a .nl origin?

It looks like a virus, not spam. Maybe s/he wants to warn the originator that they have a virus.

It’s a virus, not spam. The headers are forged and anyone you might be able to trace as the sender will most likely be just like you, another victim who happens to know your email address.

http://vil.nai.com/vil/content/v_99950.htm
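
The header trace discussed in this thread, as an added Python example that is not part of the original posts: it reads the qmail-style Received lines from the first post and finds the hop where the recipient's own provider accepted the message from an outside host. Treating netfirms.com as the trusted provider domain is an assumption, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Headers copied from the first post (addresses as redacted there).
RAW = """\
Return-Path: <big@boss.com>
Received: (qmail 9437 invoked from network); 14 Feb 2003 08:04:15 -0000
Received: from m1.netfirms.com (HELO m5.netfirms.com) (66.48.76.114)
 by m0.netfirms.com with SMTP; 14 Feb 2003 08:04:15 -0000
Received: (qmail 2305 invoked from network); 14 Feb 2003 08:04:09 -0000
Received: from node-c-5da1.a2000.nl (HELO T-0E909EFUDR5I7) (62.194.93.161)
 by m5.netfirms.com with SMTP; 14 Feb 2003 08:04:09 -0000
From: <big@boss.com>
Subject: Re: Here is that sample
"""

# qmail hop: from <reverse-DNS name> (HELO <client claim>) (<peer IP>) by <receiver>
HOP = re.compile(r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)]+)\)\s+"
                 r"\((?P<ip>[\d.]+)\)\s+by\s+(?P<by>\S+)")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def parse_hops(raw):
    """Return SMTP hops newest-first; local qmail queue lines are skipped."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def entry_hop(raw, trusted_domain):
    """Newest hop where a server in trusted_domain (assumed to be the
    recipient's own provider) accepted mail from a host outside it."""
    for hop in parse_hops(raw):
        if not in_domain(hop["by"], trusted_domain):
            return None  # line was not written by a server we trust
        if not in_domain(hop["rdns"], trusted_domain):
            # HELO is client-supplied; the IP is what the receiver saw.
            hop["helo_matches_rdns"] = hop["helo"].lower() == hop["rdns"].lower()
            return hop
    return None

if __name__ == "__main__":
    print(entry_hop(RAW, "netfirms.com"))
```

On the posted headers this returns the 62.194.93.161 hop, whose HELO name differs from its reverse-DNS name. That identifies the connecting machine only; From and Return-Path are supplied by the sender and are not checked by these servers.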