Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Locate Yaha.E source

Status
Not open for further replies.
JimInKS

JimInKS

MIS
Jun 4, 2002
464
US
I have a user that is receiving the Yaha.E virus about once a day. We keep our AV definitions up to date so it is always detected, but it would be nice to be able to identify the source. Since the return address is spoofed is there a way to track these things down?
 
Sort by date Sort by votes
You might try checking your mail server logs, you'd at least get the IP address (and probably domain) of the mail server sending it to you, and assuming it's not AOL/Hotmail/Earthlink you could probably contact the mailserver admin and have them contact the user or block the account.
-Steve
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dcranford
  • Locked
  • Question
Outbound random traffic - source port increments by 1
Replies
3
Views
124
dcranford
dcranford
assarvahid
  • Locked
  • Question
Source code for Conficker 2
Replies
7
Views
207
kjv1611
kjv1611
licarse
  • Locked
  • Question
Tracking the source of a virus
Replies
3
Views
26
Salem
Salem
peacevanic
  • Locked
  • Question
The description for Event ID ( 514 ) in Source ( Brightmail )
Replies
0
Views
51
peacevanic
peacevanic
pelajhia
  • Locked
  • Question
Find out source of viruses?
Replies
4
Views
39
pelajhia
pelajhia

Part and Inventory Search

Sponsor

Back
Top