Tek-Tips is the largest IT community on the Internet today!


how to trace the sender of a virus

Status
Not open for further replies.

OllieD

Technical User
Aug 21, 2004
3
GB
Hi
How can I trace the person who is sending me viruses on a daily basis (up to 10 viruses a day for the last 10 days)? Their email address has remained the same for the past 4 days, and I have sent an email back to it from a temporary email address and it didn't bounce back, so it must be a legitimate address, at least for the moment.
Here is the header for the message; my domain and email have been changed to 'private':

Return-Path: <familie.smits@skynet.be>
Delivered-To: private.com!-private@private.com
Received: (qmail 30422 invoked from network); 6 Jul 2002 13:39:42 -0000
Received: from unknown (HELO riker.skynet.be) (195.238.3.89)
by mail.d-n-a.net with SMTP; 6 Jul 2002 13:39:42 -0000
Received: from relay.skynet.be (80-200-1-84.adsl.powered-by.skynet.be [80.200.1.84])
by riker.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.19) with SMTP id g66DdY913310
for <private@private.com>; Sat, 6 Jul 2002 15:39:34 +0200 (MET DST)
(envelope-from <familie.smits@skynet.be>)
Message-Id: <200207061339.g66DdY913310@riker.skynet.be>
From: "Marc P. Smits"<familie.smits@skynet.be>
To: private@private.com
Subject: Fw: Are you looking for Love
Date: Sat,06 Jul 2002 15:38:38 PM
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=gsuiegu

Can anybody help me here?

Kind Regards
Ollie
 
I looked up on 195.238.3.89 and got this fairly obvious response

and it said
% This is the RIPE Whois server.
% The objects are in RPSL format.
% Please visit for more information.
% Rights restricted by copyright.
% See
inetnum: 195.238.0.0 - 195.238.31.255
netname: SKYNET-B
descr: Belgacom Skynet SA/NV
descr: Internet access provider
descr: A subsidiary of BELGACOM SA/NV
country: BE
admin-c: JFS1-RIPE
tech-c: PDH16-RIPE
rev-srv: ns1.skynet.be
rev-srv: ns2.skynet.be
rev-srv: ns3.skynet.be
rev-srv: ns4.skynet.be
status: ASSIGNED PI
mnt-by: SKYNETBE-MNT
changed: jfs@skynet.be 19981006
changed: piet@skynet.be 20000629
source: RIPE

route: 195.238.0.0/19
descr: Belgacom Skynet SA/NV
origin: AS5432
notify: noc@skynet.be
mnt-by: SKYNETBE-MNT
changed: jfs@skynet.be 19990422
source: RIPE

person: Jean-Francois Stenuit
address: Belgacom Skynet NV/SA
address: Rue Colonel Bourg 124
address: B-1140 Bruxelles
address: Belgium
phone: +32 2 706-1111
fax-no: +32 2 726-9829
e-mail: jfs@skynet.be
nic-hdl: JFS1-RIPE
remarks: ----------------------------------------
remarks: Network problems to: noc@skynet.be
remarks: Peering requests to: peering@skynet.be
remarks: Abuse notifications to: abuse@skynet.be
remarks: ----------------------------------------
mnt-by: SKYNETBE-MNT
changed: jfs@skynet.be 19970707
changed: tech@dns.be 19971003
changed: piet@skynet.be 19991210
changed: piet@skynet.be 20000302
source: RIPE

person: Pieterjan d'Hertog
address: Belgacom Skynet sa/nv
address: 2 Rue Carli
address: B-1140 Brussels
address: Belgium
phone: +32 2 706 13 11
fax-no: +32 2 706 13 12
e-mail: piet@skynet.be
nic-hdl: PDH16-RIPE
remarks: ----------------------------------------
remarks: Network problems to: noc@skynet.be
remarks: Peering requests to: peering@skynet.be
remarks: Abuse notifications to: abuse@skynet.be
remarks: ----------------------------------------
mnt-by: SKYNETBE-MNT
changed: jfs@skynet.be 19990415
changed: piet@skynet.be 19991210
changed: piet@skynet.be 20000302
changed: piet@skynet.be 20020329
source: RIPE


So you could send an email including the complete header that you have posted to abuse@skynet.be

I've had some success with doing this with Klez.


Go to and then extended search. There are quite a few Marc Smits.

Best of luck. It's a right pain.
Peter Meachem
peter@accuflight.com
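
An added example, not part of the original posts: Python that takes the header posted in the question (continuation lines re-indented so it parses) and separates the Received hop logged by the recipient's own server from the hops written upstream. The `From` and `Return-Path` lines are supplied by the sender, so only the peer IP recorded by your own mail server (`mail.d-n-a.net` here) is first-hand evidence; the function names are this example's own.

```python
import email
import re

# Header from the question above; continuation lines re-indented so it parses
# as a folded RFC 822 header (the forum rendering dropped the leading spaces).
RAW = '''\
Return-Path: <familie.smits@skynet.be>
Received: (qmail 30422 invoked from network); 6 Jul 2002 13:39:42 -0000
Received: from unknown (HELO riker.skynet.be) (195.238.3.89)
 by mail.d-n-a.net with SMTP; 6 Jul 2002 13:39:42 -0000
Received: from relay.skynet.be (80-200-1-84.adsl.powered-by.skynet.be [80.200.1.84])
 by riker.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.19) with SMTP id g66DdY913310
 for <private@private.com>; Sat, 6 Jul 2002 15:39:34 +0200 (MET DST)
From: "Marc P. Smits"<familie.smits@skynet.be>
To: private@private.com
Subject: Fw: Are you looking for Love

'''

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")  # (1.2.3.4) or [1.2.3.4]
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")               # host that wrote the line

def received_hops(raw):
    """Parse Received headers, newest first; skip lines that record no peer IP."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())           # unfold continuation lines
        ip, by = IP_RE.search(flat), BY_RE.search(flat)
        # qmail puts the HELO name in parentheses; sendmail puts it after "from".
        name = re.search(r"\bHELO\s+([\w.-]+)", flat) or re.search(r"\bfrom\s+([\w.-]+)", flat)
        if ip and by:                            # qmail's "invoked from network" has neither
            hops.append({"claimed": name.group(1) if name else None,
                         "peer_ip": ip.group(1), "recorded_by": by.group(1)})
    return hops

def trace(raw, my_mta):
    """Return (hop logged by our own server, hops written by upstream hosts)."""
    hops = received_hops(raw)
    verified = next((h for h in hops if h["recorded_by"] == my_mta), None)
    below = hops[hops.index(verified) + 1:] if verified else hops
    return verified, below

if __name__ == "__main__":
    verified, below = trace(RAW, "mail.d-n-a.net")
    print("logged by our server:", verified)     # whois this IP for the abuse contact
    for hop in below:                            # written upstream; not verified by us
        print("reported upstream  :", hop)
```

The verified IP is the one to look up in whois for an abuse contact. The upstream hop gives that provider a customer address and timestamp to check against its own logs.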
 
Thanks Peter
I appreciate your help, I'll send an email to the address you mentioned

Many Thanks
Ollie
 