NotoriousREV

I've been regularly getting viruses sent to me, which thankfully my av software has been managing, but I finally had some time to try and figure out where it was coming from and it was all from the same IP address.

So I do a whois at RIPE and find that the IP address belongs to an IT Consultancy firm. I've just sent a lovely e-mail to their MD

darlodge

Let me quess. Assetz. We had 1 email every minute for 2 weeks

Darren

GaryK

rev,

how do you that? I get loads of virus emails daily now and its getting a joke. Would like to do a little more, its a pity you cant setup rules at isp level so I dont even receive them.

cheers

Gary

NotoriousREV

Some ISP's do offer AV screening and anti-spam, but you have to make it so that you can opt in or out (what may be spam to you could be useful to someone else).

For Outlook Users:

Right-click on the offending e-mail and select Options off the menu with the left button.

At the bottom of the dialogue box, is a section marked "Internet Headers". This is where to start looking.

You need the line that says "Received: from [123.456.789.123]" the bit in the square brackets is the IP address. Now, your message may have been bounced from mail server to mail server, so check the date stamps to work out the oldest, which is your starting computer and is the one with the problem.

You can then use various tools to see who owns that IP address (if it's a European IP address, go to www.ripe.net, go to the whois db and put the address in there and it gives the ownership details.

99% of the time the IP address belongs to a large ISP, in which case you could try sending an e-mail to abuse@[isp.name] but I wouldn't hold your breath. On this occasion I got lucky and the address belonged to a small-ish company and there was a contact name listed.

I love IT detective work

Nog

MessageLabs - that's the answer. Bl**dy fantastic.

Before anyone asks, no I don't work for them - just been using their service for ~3 yrs now (just after the "I Love You" virus).