General discussion

Tracking down malicious e-mail sender

By cswanick
I have received some malicious e-mail in the recent past, I believe it was directed at me specifically, and contained the w95hybris.gen virus in a Dwarfforyou.exe file. (Unfortunately, my ISP only provides POP3 and not IMAP mail.) As soon as this message opened, the file launched itself, and I was infected. (Windows ME auto rebuild, what a pain in the a**!!!) Well, now I am in the process of attempting to decipher the header information in the 2 messages that I suspect came from the same individual, in order to have legal proof to bill him for the consulting fees I needed to pay in order to fully remove this malicious piece of code.
The sender apparently used multiple mail gateways, attempting to maintain anonymity, and I would like to know if there is any way I could gather enough info from the header info of these two messages in order to definitively trace these messages back to the immature child in adult's shoes that sent me these messages. I am a home user, not greatly schooled in internet technologies, but really love reading up on new tech stuff here at techpro. Thanks a lot, I hope to hear soon.


8 total posts (Page 1 of 1)  

Tracking down malicious e-mail sender

by suemvp In reply to Tracking down malicious e ...

The Hybris virus is virtually impossible to trace because it can download and use its own program to send messages. See http://www.viruslist.com/eng/viruslist.asp?id=4112&key=00001000130000100044 for a good explanation of how Hybris works.

In fact, no one actually sent you the virus message maliciously. What actually happened is that someone stupidly (not maliciously) infected their own machine. Then the virus took over and started sending messages to addresses that it could find either on that machine or on web pages or newsgroup postings accessed by that machine.

Tracking down malicious e-mail sender

by cswanick In reply to Tracking down malicious e ...

I believe that this virus WAS sent maliciously, while hiding the sender's e-mail address, using the given name of someone I know, and was sent, not once, not twice, but thrice... IMMEDIATELY FOLLOWING THE DISSOLUTION OF A RELATIONSHIP with this individual. I had the virus professionally removed, my antivirus updated, and printed out the contents of the message as well as the extended header information. He had signed the message with his first name, but the sending address was not his. Had the virus payload used his address book, it would have shown his address in the message header; his e-mail address, which I know, did not show up in the header at all. All of which strongly suggests a willful and malicious act on this person's part. Again, the question is: is there a utility that will allow me to trace IP addresses back through anonymous e-mail relays, to uncover the true IP address of the sender?

Tracking down malicious e-mail sender

by ColoradoGuy In reply to Tracking down malicious e ...

There is a freeware program called Sam Spade.
It has several utilities in it, one of which is an email header parser. In addition it has whois and DNS reporting and several others. Get it at Samspade.org. It'll probably help you get the names of the email servers used, then you'll need to dig a little more to get who owns the names and so on. But I think you will probably get what you need.
Dave

Tracking down malicious e-mail sender

by cswanick In reply to Tracking down malicious e ...

The question was auto-closed by TechRepublic

Tracking down malicious e-mail sender

by Shanghai Sam In reply to Tracking down malicious e ...

Someone was kind enough to pass along this information to me when I had a problem with spam. This site can be used to look up a domain name and find out who to contact at that domain.

What you will need to do is take the email and view the full headers. Find the line where it shows where the email is sent from; it should give you something to the effect of domain.com/net/org. Put that information in the search boxes on the pages and that should give you some results. You will need to drill through the links to find the contacts for the domain. I would then contact them and let them know about the problem and ask how they can help you get the information you are looking for.

http://networksolutions.com/cgi-bin/whois/whois

Drop me an email if you have any questions.
Kurt
klschoet@ticon.net
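As an added example (not from this thread, and not the Sam Spade tool or the whois site named above), here is a small Python script that does what Dave's "header parser" and Kurt's "view the full headers" step describe: it pulls the Received: lines out of a message, orders them oldest first, and marks the one hop whose IP your own provider's server recorded itself. The message, host names and addresses are constructed documentation values.

```python
import re
from email import message_from_string

# Constructed sample (documentation names/addresses, not a real message):
# three Received: lines as a mail client shows them under "full headers",
# newest hop first. The bottom one is the hop the sender's side claims.
SAMPLE_MESSAGE = """Received: from relay2.example.net (relay2.example.net [192.0.2.20])
\tby mail.isp.example (Postfix) with ESMTP id ABC123
\tfor <victim@isp.example>; Mon, 1 Jan 2001 10:03:00 -0500
Received: from relay1.example.org (relay1.example.org [198.51.100.7])
\tby relay2.example.net with SMTP id XYZ789; Mon, 1 Jan 2001 10:02:00 -0500
Received: from [203.0.113.5] (unknown [203.0.113.5])
\tby relay1.example.org with SMTP; Mon, 1 Jan 2001 10:01:00 -0500
From: "A. Friend" <friend@free-webmail.example>
To: victim@isp.example
Subject: hi

(body)
"""

# Every relay is meant to write "from <host> (<comment>) by <host>" in its trace field.
RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+)(?:\s+\([^)]*\))?\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_chain(raw):
    """Return the hops oldest-first: [{'from': ..., 'by': ..., 'ip': ...}, ...]."""
    msg = message_from_string(raw)
    hops = []
    # Headers are stacked newest-first, so reverse them to read the path in order.
    for hdr in reversed(msg.get_all("Received", [])):
        flat = " ".join(hdr.split())          # join folded continuation lines
        m = RECEIVED_RE.search(flat)
        if not m:                             # malformed or non-standard line
            continue
        ip = IP_RE.search(flat)
        hops.append({"from": m.group("from"), "by": m.group("by"),
                     "ip": ip.group(1) if ip else None})
    return hops

def first_verifiable_hop(hops, own_server):
    """The hop written by your own provider's server: its 'from' IP is the one
    address in the chain that server saw connect to it, so it is the only hop
    that a relay further out could not have written for you."""
    for hop in reversed(hops):                # newest first
        if hop["by"].lower() == own_server.lower():
            return hop
    return None
```

Everything below the hop your own mail server wrote is text that an earlier relay, or the sending program itself, could have forged, so the verifiable IP is the one worth running through whois; the earlier hops are claims you would need each relay's operator to confirm from their logs.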

Tracking down malicious e-mail sender

by estebandelatorre In reply to Tracking down malicious e ...

That would not be an easy task due to the fact that invaders use other hosts (relay hosts) to perform mass email distribution.
Consider first blocking all incoming mail from xxx@com and having a proper antivirus setup.
You can't live without an antivirus!

Tracking down malicious e-mail sender

by cswanick In reply to Tracking down malicious e ...

The question was auto-closed by TechRepublic

Tracking down malicious e-mail sender

by cswanick In reply to Tracking down malicious e ...

This question was auto closed due to inactivity
