how to catch someone who's sending you viruses


  1. #1
    Banned
    Join Date
    Dec 2003
    Posts
    138

    how to catch someone who's sending you viruses

    Hi guys.
    I want to know: if someone sends you a virus in email and you have the headers and the IP address of the person, then how do you catch him/her?

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    407
    Do a whois of the IP, and get the ISP. Then, report that IP to the ISP's abuse email. Just consider that that person may have a virus on their computer and isn't intentionally sending it...


    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Originally posted here by slick8790
    Do a whois of the IP, and get the ISP. Then, report that IP to the ISP's abuse email. Just consider that that person may have a virus on their computer and isn't intentionally sending it...


    slick
    That's very true.

    I wouldn't bother to report it, unless you know for certain that you are being intentionally targeted.


    --PuRe

  4. #4
    Originally posted here by slick8790
    Do a whois of the IP, and get the ISP. Then, report that IP to the ISP's abuse email. Just consider that that person may have a virus on their computer and isn't intentionally sending it...


    slick

    About MYDoom from Network Associates:

    This is a mass-mailing and peer-to-peer file-sharing worm that bears the following characteristics:

    contains its own SMTP engine to construct outgoing messages
    contains a backdoor component (see below)
    contains a Denial of Service payload

    This means infected zombie computers would send out emails, so tracking someone down wouldn't mean you would find a script kiddie on the other end. Just a victim.

    All you can do after you get the IP is report them, unless you plan on doing something malicious.

    edit-

    Groovicus posted an email forensic link here, very interesting.
    http://www.antionline.com/showthread...hreadid=254051

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    There are so many source spoofing malwares around these days that you don't "catch" anyone........you are at liberty to make a total prat of yourself though

    Best thing is to persuade people to stop it happening?

    http://www.internals.com

    "Mail Control" by Yariv Kaplan...............it stops mass mailers and the like because you have to confirm each e-mail you send.

    Stay safe

  6. #6
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    Didn't you ask for people to send you viruses a while back? If so, don't bitch about it if they did. If someone has the intention of infecting you, surely they would send the email in a way it would not trace back to themselves.
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  7. #7
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Is it just me or is this turning a little suspicious? First a 16 year old kid asks us to send him viruses for his "website", THEN he wants to know if a person can be traced back for sending a virus through an email. Did some kid at school piss you off Al1 and you want to spam his email with viruses? LOL I'm just joking...but you can take me seriously if you want.

    Yes, a person can be traced back through the header of the email. Given the person reading the header knows what he's doing.
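
Reading the header as described in the post above, as an added example that is not part of the original thread: each relay prepends its own `Received:` line, so only the lines written by servers you trust are reliable, and everything below them can be forged by the sender. The message, host names and addresses are constructed sample values, and `trace_source` and `TRUSTED` are hypothetical names.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; hosts and IPs are documentation values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.10])
\tby mail.example.net with ESMTP id A1; Mon, 1 Mar 2004 10:00:02 +0000
Received: from dialup-7.isp.example (unknown [203.0.113.77])
\tby mx.example.net with SMTP id B2; Mon, 1 Mar 2004 10:00:01 +0000
Received: from trusted-bank.example ([192.0.2.1])
\tby dialup-7.isp.example; Mon, 1 Mar 2004 09:59:00 +0000
From: "Friend" <friend@example.org>
Subject: your music

see attachment
"""

# Assumption: the mail servers you (or your provider) operate.
TRUSTED = {"mail.example.net", "mx.example.net"}

# "from <helo> (... [<ip>]) by <host>" as most MTAs write it.
RECEIVED_RE = re.compile(
    r"from\s+\S+.*?\[([0-9A-Fa-f:.]+)\].*?\bby\s+([\w.-]+)", re.S)

def trace_source(raw, trusted_hosts):
    """Return (verified_ip, unverified_ips).

    verified_ip is the peer address recorded by the last trusted relay,
    walking from the newest Received line (top) downwards.
    unverified_ips come from lines written by hosts outside your control.
    """
    hops = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if not m:
            continue  # no bracketed peer address on this line
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # malformed address, ignore the claim
        hops.append((ip, m.group(2).lower()))
    verified, i = None, 0
    while i < len(hops) and hops[i][1] in trusted_hosts:
        verified = hops[i][0]
        i += 1
    return verified, [ip for ip, _ in hops[i:]]

if __name__ == "__main__":
    print(trace_source(SAMPLE, TRUSTED))
```

The verified address is the one to look up with whois and send to the ISP's abuse contact; as other posts in the thread point out, it usually identifies an infected machine rather than the worm's author.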

  8. #8
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Well... Now I don't have to check it... I did think that was the same guy...
    Seems to me he may be trying to get someone in particular as mentioned, or he's trying to entrap people who are sending him viruses (per his request) so he can turn them in and be a hero... Or collect an award/reward...
    Remember -
    The ark was built by amateurs...
    The Titanic was built by professionals.

  9. #9
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Norton AntiVirus removed the attachment: mp3music.pif.
    The W32.Netsky.D@mm threat was detected in the attachment.

    I just got this x3, all different headers.
    Norton caught them, but ?
    I really would like to be able to stop this sort of thing.
    but I was unaware that .pif were a danger ??

    So now I'm following the advice given by slick 8790
    in as much that at least I can whois the IP and maybe set F/W to stop these addresses ??

    Also, is this a 'new' one starting out?
    or am I the end of an old one ?
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  10. #10
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by foxyloxley
    Also, is this a 'new' one starting out?
    or am I the end of an old one ?
    The Netsky family is now up to version/variant "F". You are dealing with an old one (only a few days old, but still an old one)

    Cheers:
    DjM
