Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Locate Yaha.E source

Status
Not open for further replies.
JimInKS

JimInKS

MIS
Joined
Jun 4, 2002
Messages
464
Location
US
I have a user that is receiving the Yaha.E virus about once a day. We keep our AV definitions up to date so it is always detected, but it would be nice to be able to identify the source. Since the return address is spoofed is there a way to track these things down?
 
Sort by date Sort by votes
You might try checking your mail server logs, you'd at least get the IP address (and probably domain) of the mail server sending it to you, and assuming it's not AOL/Hotmail/Earthlink you could probably contact the mailserver admin and have them contact the user or block the account.
-Steve
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dcranford
  • Locked
  • Question Question
Outbound random traffic - source port increments by 1
Replies
3
Views
435
dcranford
dcranford
assarvahid
  • Locked
  • Question Question
Source code for Conficker
Replies
7
Views
567
kjv1611
kjv1611
licarse
  • Locked
  • Question Question
Tracking the source of a virus
Replies
3
Views
135
Salem
Salem
peacevanic
  • Locked
  • Question Question
The description for Event ID ( 514 ) in Source ( Brightmail )
Replies
0
Views
145
peacevanic
peacevanic
pelajhia
  • Locked
  • Question Question
Find out source of viruses?
Replies
4
Views
173
pelajhia
pelajhia

Part and Inventory Search

Sponsor

Back
Top