[PLUG] Virus Hunting

Chris Jantzen chris at maybe.net
Tue Apr 6 14:46:01 UTC 2004


On Sat, Apr 03, 2004 at 10:36:17AM -0800, dan at fiddlers-green.info wrote:
> I'm helping a group track down someone on their mailing list who
> has gotten the W32/Netsky.p@MM virus. That person keeps blasting the
> entire list with infected mails. I was hoping someone might have
> tips on how to track down the individual. Personally I would start
> with the mail server logs, but beyond that I'm a newbie.

I'd start by looking at the "Full Headers" of the email message and
examining the Received: chain. It can help you figure out who his ISP
is at least.

-- 
chris kb7rnl =->
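
Reading the Received: chain as suggested above, as an added example that is not part of the original post: it parses the chain newest-first and returns the deepest hop recorded by a mail server you trust. The sample message, host names and the helper names `received_chain` and `last_verified_hop` are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (reserved documentation hosts and IPs, not from the thread).
SAMPLE = """\
Received: from lists.example.org (localhost [127.0.0.1])
\tby lists.example.org (Postfix) with ESMTP id AAA111;
\tSat, 3 Apr 2004 10:30:05 -0800 (PST)
Received: from smtp.isp.example.net (smtp.isp.example.net [198.51.100.25])
\tby lists.example.org (Postfix) with ESMTP id BBB222;
\tSat, 3 Apr 2004 10:30:04 -0800 (PST)
Received: from userpc (dsl-77.isp.example.net [203.0.113.77])
\tby smtp.isp.example.net (8.12.10) with SMTP id CCC333;
\tSat, 3 Apr 2004 10:29:58 -0800 (PST)
Received: from forged.example.com (forged.example.com [192.0.2.1])
\tby nowhere.example.com with SMTP; Sat, 3 Apr 2004 10:00:00 -0800
From: someone@example.com
Subject: Re: document

body
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def received_chain(raw):
    """Parse Received: headers, newest first (each server prepends its own)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        hops.append(m.groupdict() if m else dict.fromkeys(("helo", "rdns", "ip", "by")))
    return hops

def last_verified_hop(hops, trusted_hosts):
    """Deepest hop written by a trusted server; lines below it may be forged.
    A forged line can copy a trusted 'by' name, so confirm against server logs."""
    found = None
    for hop in hops:
        if hop["by"] not in trusted_hosts:
            break  # written by a server we cannot vouch for
        if hop["ip"] and not ipaddress.ip_address(hop["ip"]).is_loopback:
            found = hop  # peer address as seen by a trusted server
    return found

if __name__ == "__main__":
    hop = last_verified_hop(received_chain(SAMPLE), {"lists.example.org"})
    print("handed to the list server by", hop["rdns"], hop["ip"])
```

With only the list server trusted, the result is the ISP relay that delivered the message; the subscriber's own address appears one line lower, and only the ISP can confirm it.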