The Mudcat Café TM
Thread #76235 Message #1348831
Posted By: JohnInKansas
06-Dec-04 - 10:22 AM
Thread Name: Tech: Do you report security alerts?
Subject: RE: Tech: Do you report security alerts?
If you're getting a lot of firewall hits, it's likely that you have an "exposed" port. A visit to Symantec's Security Site, and letting them "Scan for Security Risks," may show some setting changes you can make to reduce the "visibility" of your setup. (Note that the "Security" scan is something completely different than just getting scanned for virus infection.)
The site should ask for permission to attempt to "probe" your firewall. When the scan is completed you should get a rather detailed report of "what's open" and "what's visible," with recommendations of what you can do.
The site will also ask for your permission to add the info about "how safe you are" to their "Statistics" page. I generally let them do so. If you look at the statistics before and after your scan, I doubt you'll see that you've made much of a "bump."
I would not, in any circumstance I can imagine, attempt to contact an unknown originator of malware. If it's someone acting deliberately, unknown "retaliation" could result. If it's someone whose machine is infected without their knowledge, your "report" will likely get the same response as if someone walked up to you in a public place and said "you smell bad, why don't you take a bath."
I have found instances where a specific page on a site I consider "trustworthy" shows evidence of infection. In any such case I usually send a note to the site sysadmin, just as I would report a broken link. Usually that will get a "corrective action," but not always.
I usually do contact a known person from whom I receive infected email, but if I don't know them, I just block their email. If I do feel they should be told, I will usually 'phone or use some method other than reply email to let them know.