Netsky.b question

Discussion in 'malware problems & news' started by scabbo1, Mar 1, 2004.

Thread Status:
Not open for further replies.
  1. scabbo1

    scabbo1 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    6
    Any way to track the Netsky.b sender? I keep getting emails with the infection and I'd like to help out the sender. How would I be able to do this? The virus uses an email spoof.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    That's virtually impossible in the case of a spoofed sender email address.

    regards.

    paul
     
  3. scabbo1

    scabbo1 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    6
    Thanks Paul.

    I hate "virtually impossible" stuff :)
     
  4. scabbo1

    scabbo1 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    6
    Ok so I am giving this more thought and wondering why this is impossible? Can't I track the IP of where the email came from?

    I would have to take into consideration some general assumptions after I got an IP, like who do I know that most certainly has my email address in the optonline network, etc., but how close can you actually get to reverse tracking?

    Tell me why I am wrong please - I love learning. Thanks Paul!
     
  5. izi

    izi Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    354
    Location:
    Slovenia
    For OE:
    1. Click on the infected email
    2. ALT+Enter
    3. Details
    4. Received: from IP address of the sender. With this information you could get the sender.
    5. If you want, you could send an email to the administrator of the IP.

    Izi
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    For starters, countless ISP accounts use non-static IPs. Thus, you would be forced to find out the netblock owner, provide a full detailed log coming with the exact time etc. After that, it's up to the ISP whether or not to spend valuable time to verify their logs in order to determine which client actually used the variable IP at that exact time. A time-consuming and costly business - and therefore most ISPs won't do so.

    Just one example ;)

    I stated virtually impossible for good reasons - at times, it can be done. The odds are mostly against it, though.

    regards.

    paul
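
Added example, not part of any post in this thread: the Received-header reading izi describes, done in Python, returning the IP and exact UTC time that Paul says an ISP would need to check its logs. The header block, host names, addresses and the `abuse_evidence` function are constructed for illustration; it assumes only Received lines written by your own mail server can be trusted.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers (documentation IP ranges, example domains).
# The From: line is spoofed; the lower Received line was supplied by the
# sending side and cannot be verified by the recipient.
SAMPLE = """\
Received: from unknown (HELO victim-pc) (203.0.113.45)
\tby mx1.example.net with SMTP; Mon, 1 Mar 2004 09:14:07 -0500
Received: from mail.bank.example ([192.0.2.10])
\tby relay.bank.example; Mon, 1 Mar 2004 08:00:00 -0500
From: "Friend" <friend@example.org>
To: me@example.net
Subject: something for you

body
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def abuse_evidence(raw, trusted_hosts):
    """Return (connecting_ip, utc_timestamp) for an abuse report, or None.

    Received headers are prepended, so the newest hop is first. Walk down
    while the 'by' host is one of our own servers; the last such line is
    the boundary hop, and the IP it logged is the only one we observed
    ourselves. Everything below it is unverified.
    """
    msg = message_from_string(raw)
    boundary = None
    for hop in msg.get_all("Received", []):
        flat = " ".join(hop.split())          # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        if not by or by.group(1).lower().rstrip(";") not in trusted_hosts:
            break                             # not written by our servers
        boundary = flat
    if boundary is None:
        return None
    info, _, stamp = boundary.rpartition(";")
    ip = IP_RE.search(info)
    if not ip:
        return None
    # ISPs with dynamic addressing need the exact time, so normalise to UTC.
    when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
    return ip.group(1), when.isoformat()

if __name__ == "__main__":
    print(abuse_evidence(SAMPLE, {"mx1.example.net"}))
```

The returned address identifies the machine that connected to your server, which for a dynamic IP is only meaningful together with the timestamp.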
     
  7. scabbo1

    scabbo1 Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    6
    I understand. Thanks again.
     