ANSTHRLD - Virus from Who?
Darin K. Herndon
darin-herndon at utulsa.edu
Mon Mar 26 20:41:55 PST 2001
Daniel wrote:
>I've never been able to figure out how to tell who sent
>the "Snow White" virus. How?

Daniel, you have to look at the full header info of the email. If
you use an email program that consolidates all of the lines of stuff
at the beginning of an email, there should either be a setting or an
attached file that contains all of the RFC822 required info. Once
you find this info, there is an originating IP line. This is the
actual mail server that the virus forwarded through. As you are
aware, the virus changes the sent from address to
"hahaha at sexyfun.net" so the excerpted info will not give enough info.

For more info, try www.sexyfun.net. As I understand it, that domain
did not actually exist before the virus. Some anti-virus people
registered the domain and posted info about combatting the virus. I
haven't actually been there myself. I get my info through
www.sarc.com (Symantec's Anti-virus Research Center).

Once you trace down the actual mail server that the mail came from,
check your address book for people from that domain or parent domain.

Etienne
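
The header walk described in the reply above, as an added example that is not part of the original post: it reads the Received lines of a saved message, picks the hop written by a mail server you run, and lists address book entries in that relay's domain or a parent of it. The sample message, host names, documentation IPs, the set of own servers and the address book are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample message (not from the original post). The From line is
# the forged address the post mentions; hosts and IPs are documentation values.
SAMPLE = """\
Received: from mail.example.edu (mail.example.edu [192.0.2.25])
\tby mx.mylist.example (8.11.0) with ESMTP id f2R4abc
\tfor <daniel@mylist.example>; Mon, 26 Mar 2001 20:30:11 -0800
Received: from oemcomputer (dialup-7.example.edu [192.0.2.77])
\tby mail.example.edu (8.9.3) with SMTP id UAA01234;
\tMon, 26 Mar 2001 22:29:58 -0600
From: Hahaha <hahaha@sexyfun.net>
Subject: (constructed sample)

body
"""

# "from <helo> (<reverse-dns> [<ip>]) by <recording server>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def received_hops(raw):
    """Parse Received headers, newest first (the order they appear in)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def handoff_to(hops, my_servers):
    """First hop from the top that was written by a server we run.
    Lines below it came from the sending side and may be forged."""
    for hop in hops:
        if hop["by"].lower() in my_servers:
            return hop
    return None

def address_book_matches(hop, address_book):
    """Addresses whose domain is the relay's host name or a parent domain.
    rdns was resolved by the recording server; helo is only the sender's claim."""
    host = (hop["rdns"] or hop["helo"]).lower()
    matches = []
    for addr in address_book:
        domain = addr.rsplit("@", 1)[1].lower()
        if host == domain or host.endswith("." + domain):
            matches.append(addr)
    return matches
```
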