Latest Greatest Lobby Journals Search Options Help Login

Site search Web search

SWEN Virus...any idea how to identify sender?

Printer-friendly format Email this thread to a friend Bookmark this thread

This topic is archived.

Home » Discuss » The DU Lounge

 

quispquake (1000+ posts) Send PM | Profile | Ignore

Thu Oct-09-03 02:24 PM Original message

SWEN Virus...any idea how to identify sender?

Edited on Thu Oct-09-03 02:27 PM by perkypat23 I am so damned SICK of these emails...for three weeks plus I have been receiving one of these viruses every 15 minutes...it keeps filling my email box up, and it just won't stop... I've looked at header info, and I can't find out what machine these are originating from...any ideas from some of the more technical savvy? This is getting really ridiculous... Thanks for the help! perkypat23 edited to fix name of virus from SVEN to SWEN

Printer Friendly | Permalink |  | Top

Bossy Monkey (1000+ posts) Send PM | Profile | Ignore

Thu Oct-09-03 03:02 PM Response to Original message

1. Don't think so

These things usually spoof the FROM line; this one seems to create fake ones indicating that it's coming from an ISP, Microsoft, of a system administrator: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100662 Sorry

Printer Friendly | Permalink |  | Top

 

quispquake (1000+ posts) Send PM | Profile | Ignore

Thu Oct-09-03 03:20 PM Response to Reply #1

2. Thanks anyways!

It's just driving me CRAZY! at 150K apiece, it fills my email box up every 8 hours...Half of me thinks it's a clueless friend that's infected, and the paranoid half thinks someone got pissed with something on my site (www.perkypat.com), and they're bombarding me with viruses... I've got a program called "Mailwasher" that only downloads the headers, and then I can delete the messages with it...it's made the problem bearable, but no less annoying... pp23

Printer Friendly | Permalink |  | Top

 

Olivier (157 posts) Send PM | Profile | Ignore

Thu Oct-09-03 03:25 PM Response to Original message

3. Take a look to the message headers

You should see the originating IP address of the sender. Because the infected guy might have your address in his address book, you probably already received a "real" e-mail from him. If his IP address is permanent, you should be able to identify him by searching your received messages for it.

Printer Friendly | Permalink |  | Top

 

Noordam (1000+ posts) Send PM | Profile | Ignore

Thu Oct-09-03 05:17 PM Response to Original message

4. Here is the message header from one I received

Status: U Return-Path: <admin@duma.gov.ru> Received: from localhost (<66.141.119.121>) by emu (EarthLink SMTP Server) with SMTP id 1a072o6kA3NZFnx0 for <ME>; Thu, 18 Sep 2003 15:14:07 -0700 (PDT) From: "Microsoft" <security@microsoft.com> To: <ME> Subject: Use this patch immediately ! MIME-Version: 1.0 Content-Type: multipart/mixed;boundary="xxxx" Message-Id: <200309181514.1a072o6kA3NZFnx0@emu> Date: Thu, 18 Sep 2003 15:14:07 -0700 (PDT) the return path sometimes tells who sent it. In this case from the Duma (congress) in Russia. lol

Printer Friendly | Permalink |  | Top

 

DU AdBot (1000+ posts)

Thu May 02nd 2024, 12:45 PM Response to Original message

Advertisements [?]

Top

Home » Discuss » The DU Lounge

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC