-
March 4th, 2004, 12:32 AM
#1
Banned
how to catch someone who's sending you viruses
Hi guys.
I want to know: if someone sends you a virus in email and you have the headers and the IP address of the person, then how do you catch him/her?
-
March 4th, 2004, 12:35 AM
#2
Do a whois of the IP, and get the ISP. Then, report that IP to the ISP's abuse email. Just consider that that person may have a virus on their computer and isn't intentionally sending it...
slick
"Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller
-
March 4th, 2004, 12:45 AM
#3
Originally posted here by slick8790
Do a whois of the IP, and get the ISP. Then, report that IP to the ISP's abuse email. Just consider that that person may have a virus on their computer and isn't intentionally sending it...
slick
That's very true.
I wouldn't bother to report it, unless you know for certain that you are being intentionally targeted.
--PuRe
-
March 4th, 2004, 12:59 AM
#4
Originally posted here by slick8790
Do a whois of the IP, and get the ISP. Then, report that IP to the ISP's abuse email. Just consider that that person may have a virus on their computer and isn't intentionally sending it...
slick
About MYDoom from Network Associates:
This is a mass-mailing and peer-to-peer file-sharing worm that bears the following characteristics:
- contains its own SMTP engine to construct outgoing messages
- contains a backdoor component (see below)
- contains a Denial of Service payload
This means infected zombie computers would send out emails, so tracking someone down wouldn't mean you would find a script kiddie on the other end. Just a victim.
All you can do after you get the IP is report them, unless you plan on doing something malicious.
edit-
Groovicus posted an email forensic link here, very interesting.
http://www.antionline.com/showthread...hreadid=254051
-
March 4th, 2004, 01:14 AM
#5
There are so many source spoofing malwares around these days that you don't "catch" anyone... you are at liberty to make a total prat of yourself though
Best thing is to persuade people to stop it happening?
http://www.internals.com
"Mail Control" by Yariv Kaplan... it stops mass mailers and the like because you have to confirm each e-mail you send.
Stay safe
-
March 4th, 2004, 03:50 AM
#6
Didn't you ask for people to send you viruses a while back? If so, don't bitch about it if they did. If someone has the intention of infecting you, surely they would send the email in a way it would not trace back to themselves.
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
-
March 4th, 2004, 04:18 AM
#7
Is it just me or is this turning a little suspicious? First 16 year old kid asks us to send him viruses for his "website" THEN he wants to know if a person can be traced back for sending a virus through an email. Did some kid at school piss you off Al1 and you want to spam his email with viruses? LOL I'm just joking... but you can take me seriously if you want.
Yes, a person can be traced back through the header of the email. Given the person reading the header knows what he's doing.
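Added example, not part of any post in this thread: one way to read the headers so that spoofed lines are ignored. It walks the `Received` chain from the top and accepts only the connecting IP written down by mail hosts the recipient's site runs. The host names, addresses (documentation ranges) and the sample message are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Assumed: the receiving site's own mail hosts and their addresses.
TRUSTED_BY = {"mail.example.net", "mx.example.net"}
TRUSTED_IPS = {"192.0.2.10"}

# Constructed sample. The bottom Received line and From are sender-supplied.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mail.example.net with ESMTP id abc123; Thu, 4 Mar 2004 18:05:12 +0000
Received: from dsl-host (unknown [203.0.113.57])
    by mx.example.net with SMTP id def456; Thu, 4 Mar 2004 18:05:10 +0000
Received: from mail.bank.example ([198.51.100.1])
    by dsl-host with SMTP; Thu, 4 Mar 2004 18:05:09 +0000
From: "Friend" <someone.you.know@example.org>
To: victim@example.net
Subject: Re: your music

body
"""

BY_RE = re.compile(r"\bby\s+([\w.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def handoff_ip(raw, trusted_by=TRUSTED_BY, trusted_ips=TRUSTED_IPS):
    """Return the external IP our own server recorded, or None."""
    msg = message_from_string(raw)
    # Each server prepends its Received line, so ours come first.
    for hop in msg.get_all("Received", []):
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() not in trusted_by:
            return None  # written by a host we do not run: may be forged
        ip = IP_RE.search(hop)
        if not ip:
            continue
        try:
            addr = str(ipaddress.ip_address(ip.group(1)))
        except ValueError:
            return None  # malformed address, do not guess
        if addr not in trusted_ips:
            return addr  # first outside machine seen by our own server
    return None
```

The returned address is the one to look up with whois for the abuse report; as the posts above note, it usually identifies an infected machine rather than the worm's author.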
-
March 4th, 2004, 12:33 PM
#8
Well... Now I don't have to check it... I did think that was the same guy...
Seems to me he may be trying to get someone in particular as mentioned, or he's trying to entrap people who are sending him viruses (per his request) so he can turn them in and be a hero... Or collect an award/reward...
Remember -
The ark was built by amateurs...
The Titanic was built by professionals.
-
March 4th, 2004, 06:10 PM
#9
Norton AntiVirus removed the attachment: mp3music.pif.
The W32.Netsky.D@mm threat was detected in the attachment.
I just got this x3, all different headers.
Norton caught them, but ?
I really would like to be able to stop this sort of thing.
but I was unaware that .pif were a danger ??
So now I'm following the advice given by slick8790
in as much that at least I can whois the IP and maybe set F/W to stop these addresses ??
Also, is this a 'new' one starting out?
or am I the end of an old one ?
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
-
March 4th, 2004, 06:21 PM
#10
Originally posted here by foxyloxley
Also, is this a 'new' one starting out?
or am I the end of an old one ?
The Netsky family is now up to version/variant "F". You are dealing with an old one (only a few days old, but still an old one) 
Cheers: