General discussion

Locked

Originating address of an e-mail

By cdavidson ·
Here at my company we are running Exchange 5.5 on NT 4 sp6a and one of our users recently received an e-mail (we assume from an outside source) that had the W95.Hybris worm attached. The e-mail received did not have a return address, sent date or a sent from address. We are assuming that the originating computer is infected with the virus and is e-mailing copies of the virus without the owners knowledge. Does anyone know of a way we could find the sender so we can notify them that they are sending us this? I'm sure there has to be a way to find this out, any help will be greatly appreciated.

Thanks!!

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Originating address of an e-mail

by Chuck Rothman, GSEC In reply to Originating address of an ...

Did you check the headers? That should give you the originating IP address at least, which may be useful in tracking things down.

Collapse -

Originating address of an e-mail

by cdavidson In reply to Originating address of an ...

How would I go about doing that? I'm not sure where to find that type of information.

Thanks

Collapse -

Originating address of an e-mail

by Chuck Rothman, GSEC In reply to Originating address of an ...

OK. I made a few assumptions. It all depends on your e-mail client. For Outlook 2000, open the message, and click on "View" and "Options." There's a field called "Internet Headers." Read through it. The most important are the "Received by" headers, which give the IP addresses of each jump on the way to your computer. The first "Received by" should give some information about the originating computer. You can look up IP addresses at http://www.samspade.org. If you're lucky, you may find that the mail originated at a particular permanent IP within a company. At the very least, you can notify them that it came from their network.

Collapse -

Originating address of an e-mail

by cdavidson In reply to Originating address of an ...

Thanks a lot, we used the information from the header and we have forwarded the information on to an ISP which the message originated. We should be hearing from them soon.

Collapse -

Originating address of an e-mail

by cdavidson In reply to Originating address of an ...

This question was closed by the author

Back to Software Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums