Hi guys.
I want to know that if someone sends you a virus in email and you have the headers and the IP address of the person..then how do you catch him/her?
do a whois of the ip, and get the ISP. then, report that IP to the ISP's abuse email. just consider that that person may have a virus on their computer and isn't intentionally sending it...
slick
That's very true.
Quote:
Originally posted here by slick8790
do a whois of the ip, and get the ISP. then, report that IP to the ISP's abuse email. just consider that that person may have a virus on their computer and isn't intentionally sending it...
slick
I wouldn't bother to report it, unless you know for certain that you are being intentionally targeted.
--PuRe
Quote:
Originally posted here by slick8790
do a whois of the ip, and get the ISP. then, report that IP to the ISP's abuse email. just consider that that person may have a virus on their computer and isn't intentionally sending it...
slick
About MYDoom from Network Associates:
This is a mass-mailing and peer-to-peer file-sharing worm that bears the following characteristics:
contains its own SMTP engine to construct outgoing messages
contains a backdoor component (see below)
contains a Denial of Service payload
This means infected zombie computers would send out emails, so tracking someone down wouldn't mean you would find a script kiddie on the other end. Just a victim.
All you can do after you get the IP is report them, unless you plan on doing something malicious.
edit-
Groovicus posted an email forensic link here, very interesting.
http://www.antionline.com/showthread...hreadid=254051
There are so many source spoofing malwares around these days that you don't "catch" anyone........you are at liberty to make a total prat of yourself though ;)
Best thing is to persuade people to stop it happening?
http://www.internals.com
"Mail Control" by Yariv Kaplan...............it stops mass mailers and the like because you have to confirm each e-mail you send.
Stay safe
Didn't you ask for people to send you viruses a while back? If so, don't bitch about it if they did. If someone has the intention of infecting you surely they would send the email in a way it would not trace back to themselves.
is it just me or is this turning a little suspicious? First 16 year old kid asks us to send him viruses for his "website" THEN he wants to know if a person can be traced back for sending a virus through an email. Did some kid at school piss you off Al1 and you want to spam his email with viruses? LOL I'm just joking...but you can take me seriously if you want ;).
Yes, a person can be traced back through the header of the email. Given the person reading the header knows what he's doing.
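An added example, not part of any post in this thread: one way to read a header chain for the whois-and-report step described above, trusting only the `Received` lines written by your own mail servers, since anything below them is supplied by the sender and may be spoofed. The message, the host names under `recipient.example`, and the function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: newest Received line is on top; documentation-range IPs.
SAMPLE = (
    "Received: from mx.recipient.example (10.0.0.5) by mailstore.recipient.example; Mon, 1 Mar 2004 10:00:03 +0000\n"
    "Received: from dsl-host.isp.example (unknown [203.0.113.45]) by mx.recipient.example; Mon, 1 Mar 2004 10:00:01 +0000\n"
    "Received: from mail.bank.example ([198.51.100.7]) by dsl-host.isp.example; Mon, 1 Mar 2004 09:59:00 +0000\n"
    'From: "Friend" <friend@bank.example>\n'
    "Subject: mp3music\n\nbody\n"
)

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def hops(raw):
    """Return [(recording_host, connecting_ip)] per Received header, newest first."""
    result = []
    for header in email.message_from_string(raw).get_all("Received", []):
        text = " ".join(header.split())          # unfold continuation lines
        from_part = text.partition(" by ")[0]    # the part describing the sender
        by = BY_RE.search(text)
        ip = IP_RE.search(from_part)
        result.append((by.group(1).lower() if by else "",
                       ip.group(1) if ip else None))
    return result

def reportable_ip(raw, trusted_suffix):
    """IP that our own mail server logged for the first outside host, else None."""
    for by_host, ip in hops(raw):
        if not by_host.endswith(trusted_suffix):
            return None   # header written by someone else: may be forged
        try:
            addr = ipaddress.ip_address(ip) if ip else None
        except ValueError:
            addr = None
        if addr and not any(addr in net for net in INTERNAL):
            return ip     # first non-internal address seen by a trusted hop
    return None

if __name__ == "__main__":
    print(reportable_ip(SAMPLE, ".recipient.example"))
```

The address returned is the one to look up with whois and pass to the ISP's abuse contact; the lower `198.51.100.7` line is only what the sending machine claimed.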
Well... Now I don't have to check it... I did think that was the same guy...
Seems to me he may be trying to get someone in particular as mentioned, or he's trying to entrap people who are sending him viruses (per his request) so he can turn them in and be a hero....Or collect an award/reward...
Norton AntiVirus removed the attachment: mp3music.pif.
The W32.Netsky.D@mm threat was detected in the attachment.
I just got this x3, all different headers.
Norton caught them, but ?
I really would like to be able to stop this sort of thing.
but I was unaware that .pif were a danger ??
So now I'm following the advice given by slick8790
in as much that at least I can whois the IP and maybe set F/W to stop these addresses ??
Also, is this a 'new' one starting out?
or am I the end of an old one ?
The Netsky family is now up to version/variant "F". You are dealing with an old one (only a few days old, but still an old one) ;)
Quote:
Originally posted here by foxyloxley
Also, is this a 'new' one starting out?
or am I the end of an old one ?
Cheers: