I-Worm.NetSky.t

Cyrus

Hi:

I am getting a lot of infected mails with the above virus. I was told to do the
following:

"If one of the bounce backs returns the message with all headers intact it is
sometimes possible to trace the originating IP address from the routing
information. You can use any one of a dozen network look up tools to
identify the originating host, and so possibly the originating, infected,
machine. Then, you can send an email highlighting the URL posted above
and ask them to clean their act up."

Can you help me on what is a network look up tool and on how to find the
originating machine and host?

many thanks
cyrus
 
Adam Bailey

Cyrus said:
> Hi:
>
> I am getting a lot of infected mails with the above virus. I was told to do
> the following:
>
> "If one of the bounce backs returns the message with all headers intact it is
> sometimes possible to trace the originating IP address from the routing
> information. You can use any one of a dozen network look up tools to
> identify the originating host, and so possibly the originating, infected,
> machine. Then, you can send an email highlighting the URL posted above
> and ask them to clean their act up."

This is not correct. You may learn the hostname of the infected
machine, but not the owner's email address.
 
Barry N. Wainwright

> This is not correct. You may learn the hostname of the infected
> machine, but not the owner's email address.

Let me clarify that statement - when I wrote it I meant that it may be
possible to identify the host machine of the originating message, and that
knowledge may give you sufficient clues to identify the actual person who
may have you in their address book. For example, if I was able to identify
that the infected email came from someone at xyz.com then I may know that
uncle Fred works at that company and he is likely to be the one with my name
in his address book. I did not mean that you would be able to extract the
original sender's email address.

--
Barry Wainwright
Microsoft MVP (see http://mvp.support.microsoft.com for details)
Seen the Entourage FAQ pages? - Check them out:
<http://www.entourage.mvps.org/toc.html>

Please post responses to this newsgroup. If I ask you to contact me
off-list, remove '.INVALID' from email address before replying.
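
As an added example (not part of the original posts), this Python sketch shows how the "routing information" discussed above can be read from a bounced message's `Received:` headers. The sample headers, the `TRUSTED` server names and all function names are constructed for illustration; `xyz.com` is the placeholder company from the post above.

```python
import email
import ipaddress
import re

# Constructed bounce headers (newest first). IPs are documentation ranges;
# the bottom header is one the sending machine could have forged.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [198.51.100.7])\n"
    "\tby mail.example.org with ESMTP; Mon, 3 May 2004 10:00:05 +0000\n"
    "Received: from fredpc (host17.xyz.com [203.0.113.45])\n"
    "\tby mx.example.net with SMTP; Mon, 3 May 2004 10:00:01 +0000\n"
    "Received: from mail.bank.example ([10.1.2.3])\n"
    "\tby fredpc with SMTP; Mon, 3 May 2004 09:00:00 +0000\n"
    "From: someone@example.com\n"
    "Subject: Re: document\n\nbody\n"
)
# Assumption: the mail servers you (or your provider) run and therefore trust.
TRUSTED = {"mail.example.org", "mx.example.net"}

FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\sby\s+(\S+)")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def parse_hops(raw):
    """Received hops, newest first: HELO name, reverse DNS, IP, stamping host."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        frm, by = FROM_RE.search(value), BY_RE.search(value)
        helo, rdns, ip = frm.groups() if frm else (None, None, None)
        hops.append({"helo": helo, "rdns": rdns, "ip": ip,
                     "by": by.group(1).lower() if by else None})
    return hops

def originating_hop(raw, trusted):
    """Deepest connecting host recorded by a server we trust, or None."""
    origin = None
    for hop in parse_hops(raw):
        if hop["by"] not in trusted:
            break  # stamped by a host we do not control: may be forged
        if hop["ip"] and not is_internal(hop["ip"]):
            origin = hop
    return origin

if __name__ == "__main__":
    print(originating_hop(SAMPLE, TRUSTED))
```

The returned IP is what you would give to a whois or reverse-DNS lookup to see which network it belongs to. Headers below the first untrusted `by` host are ignored because the sending machine can write anything there.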
 