  #1  
November 8th, 2003, 05:01 AM
Atrocities
Shrapnel Fanatic
 
Join Date: Dec 2000
Location: USA
Posts: 15,630
Re: OT: W32.Swen.A@mm

Quote:
Originally posted by Imperator Fyron:
AT, most email viruses send themselves out by stealing address books, and fake their origin. The person that is "sending" the virus probably is not even aware they have it.

I know, that is why you block everything that comes in with it attached. I did this when that last virus was being spread around a few weeks ago and presto, no more problems.

The best way to get a person who has an infected system to address the problem is to post about it or reply to all of the mail - without sending the attachment back.

But 99.9% of the emails you will receive are from people you don't know, so just block them.
__________________
Creator of the Star Trek Mod - AST Mod - 78 Ship Sets - Conquest Mod - Atrocities Star Wars Mod - Galaxy Reborn Mod - and Subterfuge Mod.
  #2  
November 8th, 2003, 06:00 AM
Fyron
Shrapnel Fanatic
 
Join Date: Jul 2001
Location: Southern CA, USA
Posts: 18,394
Re: OT: W32.Swen.A@mm

AT... just blocking everyone it comes from is not necessarily a good idea. What about all those people that you do know and want to get emails from?
__________________
It's not whether you win or lose that counts: it's how much pain you inflict along the way.
--- SpaceEmpires.net --- RSS --- SEnet ModWorks --- SEIV Modding 101 Tutorial
--- Join us in the #SpaceEmpires IRC channel on the Freenode IRC network.
--- Due to restrictively low sig limits, you must visit this link to view the rest of my signature.
  #3  
November 8th, 2003, 09:13 AM
Asmala
Captain
 
Join Date: Nov 2002
Location: Finland
Posts: 864
Re: OT: W32.Swen.A@mm

Quote:
Originally posted by Imperator Fyron:
AT, most email viruses send themselves out by stealing address books, and fake their origin. The person that is "sending" the virus probably is not even aware they have it.

Yeah, I know all that. The person whose computer sends the virus mails to me isn't aware of it (I suppose). So I'd like to contact him and ask if he could remove the virus. But where can I dig out his email address? Here is part of the headers, but I don't know if it's even possible to resolve the user from that information.

code:
  Received: from gjkx ([195.156.180.209]) by fep07.tmt.tele.fi
(InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with SMTP
id <20031106193527.CUQU25859.fep07.tmt.tele.fi@gjkx >;
Thu, 6 Nov 2003 21:35:27 +0200

__________________
'The surest sign that there is intelligent life elsewhere in the universe is that none of it has tried to contact us.' Calvin and Hobbes
Are you tough enough to be the King of the Hill?
  #4  
November 8th, 2003, 10:27 AM
Fyron
Shrapnel Fanatic
 
Join Date: Jul 2001
Location: Southern CA, USA
Posts: 18,394
Re: OT: W32.Swen.A@mm

Does stuff in the "code" tags display much smaller than the rest of the post text for you?

Unless that is your IP address listed in there (or that of your email provider) along with that DNS, look into who owns the domain. That might at least tell you what domain the address is from. Other than that, I have no idea what most of it means.
  #5  
November 8th, 2003, 12:42 PM
Asmala
Captain
 
Join Date: Nov 2002
Location: Finland
Posts: 864
Re: OT: W32.Swen.A@mm

Quote:
Originally posted by Imperator Fyron:
Does stuff in the "code" tags display much smaller than the rest of the post text for you?

Nope. The text in code tags is the same size as elsewhere, just a different font.

Quote:
Originally posted by Imperator Fyron:
Unless that is your IP address listed in there (or that of your email provider) along with that DNS, look into who owns the domain. That might at least tell you what domain the address is from. Other than that, I have no idea what most of it means.

No, it's not my IP address. I did a whois query and now I know who owns the domain. But that's not enough. I need to know the person's username or email address as well before I can do something. The person uses dial-up, so he has a different IP address every time he logs in.

Is there anything I can do if he's online and I know his IP (this is the case if I'm online when I get the virus message)? Any way to send a message to a computer just knowing its IP?
  #6  
November 24th, 2003, 02:43 AM
Kirok
Private
 
Join Date: Jan 2003
Location: Scotland
Posts: 5
Re: OT: W32.Swen.A@mm

As this particular worm just uses your basic email forgery, examine the headers for a line beginning X-From: and the address after that is the address of where the email came from.

I'm now flooded with these things after someone picked up my email address from a Usenet group.

EDIT: See the headers below for an example. Also, if you don't want to contact the person directly, contact the ISP with the message ID.

X-UIDL: 1069597232.H632161P27369.imailg2.svr.pol.co.uk
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-From_: sales@thingsgraphics.com Sun Nov 23 14:20:32 2003
Return-path:
Envelope-to: kris@kirok.fsnet.co.uk
Delivery-date: Sun, 23 Nov 2003 14:20:32 +0000
Received: from [65.220.84.2] (helo=mail.webgeneral.com)
by imailg2.svr.pol.co.uk with esmtp (Exim 4.14)
id 1ANv5g-0006T2-DC
for kris@kirok.fsnet.co.uk; Sun, 23 Nov 2003 14:19:56 +0000
Received: from bkakl [138.88.19.242] by mail.webgeneral.com
(SMTPD32-7.15) id A63329E901FA; Sun, 23 Nov 2003 08:29:23 -0500
FROM: "MS Network Security Center"
TO: " "
SUBJECT: New Net Security Update
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="ymxuezhhziklftgay"
Message-Id: <200311230830437.SM00361@bkakl>
Date: Sun, 23 Nov 2003 09:17:33 -0500

[ November 24, 2003, 00:50: Message edited by: Kirok ]
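
Added example, not part of any post in this thread: the Received chain from the headers quoted above, parsed newest first in Python so the connecting IP and a UTC timestamp can be handed to an ISP, which needs both to identify a dial-up user. Only lines stamped by the recipient's own provider (assumed here to be `.pol.co.uk`) count as verified; older lines were written by servers the recipient does not control. Function names are illustrative.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines copied from the post above. Continuation lines are indented
# here (assumed original folding) so the parser joins them to their header.
RAW = """\
Received: from [65.220.84.2] (helo=mail.webgeneral.com)
 by imailg2.svr.pol.co.uk with esmtp (Exim 4.14)
 id 1ANv5g-0006T2-DC
 for kris@kirok.fsnet.co.uk; Sun, 23 Nov 2003 14:19:56 +0000
Received: from bkakl [138.88.19.242] by mail.webgeneral.com
 (SMTPD32-7.15) id A63329E901FA; Sun, 23 Nov 2003 08:29:23 -0500
Message-Id: <200311230830437.SM00361@bkakl>

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def received_hops(raw):
    """Return Received hops newest first: connecting IP, stamping host, UTC time."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())               # unfold continuation lines
        ip, by = IP_RE.search(text), BY_RE.search(text)
        when = parsedate_to_datetime(text.rsplit(";", 1)[-1].strip())
        hops.append({"peer_ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None,
                     "when": when.astimezone(timezone.utc)})
    return hops

def split_trust(hops, trusted_suffix):
    """Hops stamped by our own provider are verified; everything older is a claim."""
    verified = []
    for hop in hops:
        if not (hop["by"] or "").endswith(trusted_suffix):
            break
        verified.append(hop)
    return verified, hops[len(verified):]

def abuse_line(hop):
    """One line an ISP can match against its logs: IP, UTC time, logging host."""
    return f"{hop['peer_ip']} at {hop['when']:%Y-%m-%d %H:%M:%S} UTC (logged by {hop['by']})"

if __name__ == "__main__":
    verified, claimed = split_trust(received_hops(RAW), ".pol.co.uk")  # assumed provider
    for label, hops in (("verified", verified), ("claimed", claimed)):
        for hop in hops:
            print(label, abuse_line(hop))
```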
All times are GMT -4.