Tracking down Netsky worm

After years of easy living, my Norton AntiVirus is now having to work for a living (and performing pretty well BTW). Someone somewhere is infected with W32.Netsky.P@mm and sending me infected emails 2 or 3 times a day. The problem is the from field is spoofed so I don’t know who it is. Can anybody suggest a course of action to track this down so I can put a stop to it?

Tens of thousands of PCs have netsky. You can no more stop the influx of mail than you can stop the weather.

You can filter it out with a junk mail filter to keep it out of your sight. But there’s nothing practical you can do to stop the problem at its source, other than wait for the infected people to collectively clean up their machines. By which time they’ll catch something else that’s going around and the cycle will continue.

You might be able to read the headers and find out what ISP the mail comes from, but if that turns out to be a major ISP (e.g., AOL, MSN, etc.), you’re out of luck.

Remember, the person infected does not have to be anyone you know, just someone who has your e-mail address somewhere on your computer.

Just filter the messages.

The one thing that can’t be spoofed in the header is the path the e-mail took to get to you. You can use that to figure out what mail server it came from, but you won’t be able to track it down to an individual. The best you can do is send the ISP that owns the mail server a message telling them that one of their folks is sending out a virus, and include the entire header of the e-mail as sometimes the mail server will put some code in there to identify the user.

Don’t expect anything practical to come out of this though. As others pointed out, thousands of computers probably have the virus and you could spend an entire lifetime hunting them all down. The system administrators of the mail server involved also might be too swamped with other problems to do much about it, so even if you find the mail server where it came from it might not do any good.
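The header reading described above, as an added example that is not part of any post in this thread: it walks the Received lines from the top and reports the machine that handed the message to your own provider, which is the address to include in a report to the owning ISP. The host names in `OWN_SERVERS` and the sample message are constructed assumptions; only lines stamped by servers you name are treated as reliable, and anything below them is counted as unverified.

```python
import email
import re

# Constructed sample (documentation-range IPs, .example domains).
SAMPLE = """\
Received: from mx.myisp.example (mx.myisp.example [10.0.0.5])
    by mailstore.myisp.example with ESMTP id A1; Mon, 5 Apr 2004 10:00:03 -0400
Received: from dsl-77.pool.otherisp.example (unknown [203.0.113.77])
    by mx.myisp.example with SMTP id B2; Mon, 5 Apr 2004 10:00:01 -0400
Received: from mail.forged.example ([198.51.100.9])
    by relay.forged.example with SMTP; Mon, 5 Apr 2004 09:59:00 -0400
From: "Spoofed Sender" <friend@somewhere.example>
To: me@myisp.example
Subject: Re: Your document

"""

# Assumption: the mail servers run by your own provider.
OWN_SERVERS = {"mailstore.myisp.example", "mx.myisp.example"}

# "from <claimed name> (<optional rDNS name> [<connecting IP>])"
FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f:.]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")

def handoff_hop(raw, own_servers):
    """Return the hop where the message entered servers we trust, or None."""
    received = email.message_from_string(raw).get_all("Received", [])
    handoff = None
    for index, value in enumerate(received):  # newest header first
        by = BY_RE.search(value)
        if not by or by.group(1).lower() not in own_servers:
            break  # stamped by a server we do not control: not verifiable
        frm = FROM_RE.search(value)
        if frm:
            # Keep overwriting: the deepest trusted header is the handoff.
            handoff = {
                "ip": frm.group(3),
                "claimed_name": frm.group(1),
                "stamped_by": by.group(1),
                "unverified_below": len(received) - index - 1,
            }
    return handoff

if __name__ == "__main__":
    print(handoff_hop(SAMPLE, OWN_SERVERS))
```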