Re: How to figure out who sent the netsky virus?

From: Veronica Loell (lista_at_nakawe.se)
Date: 03/06/04

• Next message: David H. Lipman: "Re: Puter dummy needs help"
• Previous message: Mary: "Puter dummy needs help"
• In reply to: peter: "How to figure out who sent the netsky virus?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 06 Mar 2004 17:10:05 +0100

peter wrote / skrev:

> I received more than a hundred emails with the netsky virus in the past two
> days. It is starting to annoy me.
>
> Out of the 150 or so email, I recognize about 3 of the names in the From
> field as people I know. It seems that the virus does not spoof the from
> field at random, but takes the info from somewhere. I'm guessing the it
> harvests the email addresses from the address book and randomly pick one as
> the from field, one as the To field. Could anyone confirm this hypothesis?
>
>

Here is how to track down the origin of the email (you won't get farther
than the ISP responsible for the IP-address)

How to report Virus-SPAM

1. Go to
http://spam.abuse.net/userhelp/howtocomplain.shtml
for help on locating the originating IP-adress
2a. Go to
http://www.abuse.net/lookup.phtml
for looking up the abuse-adress.
2b. An alternative to 2a. is to get the tool SamSpade
(http://www.samspade.org) and use it to do abuse.net lookups and
whois-lookups if there is no abuse.net-adress. There are of course many
such tools,
SamSpade is just one free tool that I happen to use.

Remember to
- 1. always include full headers (like you normally
would with spam-report)
- 2. always include a link to information about
the virus in question with your complaint/information-letter
- 3. never include the virus itself

Not every ISP or company will take it seriously, but some actually do.
If you spend a little time reporting just a couple you will probably
help cure at least one computer somewhere.

----------------------------------------------------

---

• Next message: David H. Lipman: "Re: Puter dummy needs help"
• Previous message: Mary: "Puter dummy needs help"
• In reply to: peter: "How to figure out who sent the netsky virus?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Im infected or someone else? ... theese reports do include the entire header of the message and if it ... is to get the tool SamSpade ... the virus in question with your complaint/information-letter ... help cure at least one computer somewhere. ... (microsoft.public.security.virus) Re: Email Worm ... How to report Virus-SPAM ... for help on locating the originating IP-adress ... is to get the tool SamSpade ... the virus in question with your complaint/information-letter ... (microsoft.public.security.virus) Re: 60+ Netsky emails in 5 days ... How to report Virus-SPAM ... is to get the tool SamSpade ... the virus in question with your complaint/information-letter ... help cure at least one computer somewhere. ... (microsoft.public.security.virus) abuse-reporting virus-spam Re: Virus ... What you can do is report it to the proper abuse-adress. ... the virus in question with your complaint/information-letter ... If you spend a little time reporting just a couple you will probably ... help cure at least one computer somewhere. ... (microsoft.public.security.virus) Re: email received today...virus?? ... How to report Virus-SPAM ... is to get the tool SamSpade ... the virus in question with your complaint/information-letter ... help cure at least one computer somewhere. ... (microsoft.public.security.virus)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security.virus  > 2004-03