quispquake
(1000+ posts)
Thu Oct-09-03 02:24 PM
Original message |
SWEN Virus...any idea how to identify sender? |
|
Edited on Thu Oct-09-03 02:27 PM by perkypat23
I am so damned SICK of these emails...for three weeks plus I have been receiving one of these viruses every 15 minutes...it keeps filling my email box up, and it just won't stop...
I've looked at header info, and I can't find out what machine these are originating from...any ideas from some of the more technically savvy? This is getting really ridiculous...
Thanks for the help! perkypat23
edited to fix name of virus from SVEN to SWEN
|
Bossy Monkey
(1000+ posts)
Thu Oct-09-03 03:02 PM
Response to Original message |
|
These things usually spoof the FROM line; this one seems to create fake ones indicating that it's coming from an ISP, Microsoft, or a system administrator: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662
Sorry
|
quispquake
(1000+ posts)
Thu Oct-09-03 03:20 PM
Response to Reply #1 |
|
It's just driving me CRAZY! At 150K apiece, it fills my email box up every 8 hours...Half of me thinks it's a clueless friend that's infected, and the paranoid half thinks someone got pissed with something on my site (www.perkypat.com), and they're bombarding me with viruses...
I've got a program called "Mailwasher" that only downloads the headers, and then I can delete the messages with it...it's made the problem bearable, but no less annoying...
pp23
|
Olivier
(157 posts)
Thu Oct-09-03 03:25 PM
Response to Original message |
3. Take a look at the message headers |
|
You should see the originating IP address of the sender. Because the infected guy might have your address in his address book, you probably already received a "real" e-mail from him. If his IP address is permanent, you should be able to identify him by searching your received messages for it.
|
Noordam
(1000+ posts)
Thu Oct-09-03 05:17 PM
Response to Original message |
4. Here is the message header from one I received |
|
Status: U
Return-Path: <admin@duma.gov.ru>
Received: from localhost (<66.141.119.121>) by emu (EarthLink SMTP Server) with SMTP id 1a072o6kA3NZFnx0 for <ME>; Thu, 18 Sep 2003 15:14:07 -0700 (PDT)
From: "Microsoft" <security@microsoft.com>
To: <ME>
Subject: Use this patch immediately !
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="xxxx"
Message-Id: <200309181514.1a072o6kA3NZFnx0@emu>
Date: Thu, 18 Sep 2003 15:14:07 -0700 (PDT)
The return path sometimes tells who sent it. In this case from the Duma (congress) in Russia. lol
|
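Added example, not written by anyone in the thread: Python that applies the suggestion in reply 3 to the header posted in reply 4, taking the connecting IP from the Received line and searching saved mail for the same IP. The ARCHIVE messages, their senders and the address 192.0.2.7 are constructed for illustration, and a match only means something if the sender's IP is permanent, as reply 3 says.

```python
import email
import ipaddress
import re

# Header from reply 4, trimmed to the fields used here (message body omitted).
SWEN_SAMPLE = """\
Return-Path: <admin@duma.gov.ru>
Received: from localhost (<66.141.119.121>) by emu (EarthLink SMTP Server) with SMTP id 1a072o6kA3NZFnx0 for <ME>; Thu, 18 Sep 2003 15:14:07 -0700 (PDT)
From: "Microsoft" <security@microsoft.com>
Subject: Use this patch immediately !

"""

# Constructed archive of earlier, genuine mail (senders and second IP are made up).
ARCHIVE = [
    "Received: from pc (<66.141.119.121>) by emu (EarthLink SMTP Server) with SMTP"
    " id c0n5truct3d for <ME>; Mon, 1 Sep 2003 09:00:00 -0700 (PDT)\n"
    "From: pat@example.com\nSubject: lunch?\n\nhi\n",
    "Received: from box (<192.0.2.7>) by emu (EarthLink SMTP Server) with SMTP"
    " id c0n5truct3e for <ME>; Tue, 2 Sep 2003 10:00:00 -0700 (PDT)\n"
    "From: sam@example.org\nSubject: photos\n\nhi\n",
]

# Relays write the connecting IP inside (), [] or <> in each Received line.
IP_RE = re.compile(r"[\[(<](\d{1,3}(?:\.\d{1,3}){3})[\])>]")

def relay_ips(raw):
    """IPs from Received lines, top (newest hop) first. Only the line added by
    your own provider's server is trustworthy; lower ones can be forged."""
    ips = []
    for hop in email.message_from_string(raw).get_all("Received", []):
        for cand in IP_RE.findall(hop):
            try:
                ips.append(str(ipaddress.ip_address(cand)))
            except ValueError:
                pass  # digits that are not a valid address, e.g. 999.1.1.1
    return ips

def claimed_identity(raw):
    """Return-Path and From are set by the sender, so the worm can fake both."""
    msg = email.message_from_string(raw)
    return msg.get("Return-Path"), msg.get("From")

def earlier_senders(suspect_raw, archive):
    """From lines of archived messages that share a relay IP with the suspect."""
    wanted = set(relay_ips(suspect_raw))
    return [email.message_from_string(raw).get("From")
            for raw in archive if wanted & set(relay_ips(raw))]
```

Calling `earlier_senders(SWEN_SAMPLE, ARCHIVE)` returns the From line of the one constructed message that arrived from 66.141.119.121, which is the lead to follow up with that correspondent or their ISP.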