In response to a previous thread for backtracking the path of a virus.

If you want to track something to its source, you have to have a powerful tool that will allow post event analysis.

We use a tool by a company called Niksun (NetDetector). This is a Sniffer like tool (promiscuous analyzer) only with up to ¾ Terabyte capture files. It also has very powerful string search and session reconstruction abilities.

All that you have to do is a string search for the virus signature and it will go back and show you every machine the signature has gone to or from.

This tool is actually designed to catch malicious users hackers etc, and reconstruct there sessions. However, it has many uses such as backtracking viruses, identifying infected machines and doing full post event analysis on pretty much anything.

I work for the UK distributor of this tool.