: Spam Warrior :
Lately (as in the past few months [Ed.: Summer 2001]), I've been receiving literally gobs of spam. It's not your ordinary spam (although I get a little of that too). These are spam/viruses, most notably the Hybris worm, on which there's some excellent
However, I'm attempting to fight back using what tools
The interactive portion of this piece is that I'm going to walk you through what I'm doing (i.e. you're going to do it too).
Here's a list of the date, IP, carrier and country from which I've received a spam/virus over the course of a few days in July.

- Telefonos de Mexico
- Deutsche Telekom AG
- Chinanet-BJ of China Telecom
- Colt Telecom AG
- Chinanet Guangdong Province of China Tel.
- MobilCom Cityline GmbH
- PT. Cyberindo Aditama
[Update] I'm also maintaining a more complete log of all IPs spamming me to date.

Alright, let's get to work!
: Getting started :
You'll need to find the IP address of an email you want to trace. If you're on a Windows machine and/or using Outlook Express, this step is very dangerous. As far as I know, there's no way to get the originator's IP address without opening the email, and while you're in a Hybris message on Windows you are one careless click away from running the attached .exe. Since I'm on a Mac, I'm pretty safe from most viruses: the attachment is a Windows executable and simply can't run here.
The first thing you want to do is to display the full header that came with the email.
Handily enough, I just now received another Hybris worm for me to use as an example. The Spam Gods must be smiling on me today!
I'm using Eudora, so I've displayed the full message header by toggling the "Blah Blah Blah" button. In Outlook, select the message and choose Edit > Properties. Not sure how to do it in Netscape.
I've highlighted the important information. In blue we have the originator's server name (the domain name entry) and the IP address. In yellow we have the message ID that the server acc.haverford.edu used to log the message transmission. Both come out of the Received: lines. Every mail server that handles a message adds one at the top, so read them from the top down: the lines added by your own server (here acc.haverford.edu) are the ones you can trust, and the IP address it recorded in brackets for the host that connected to it is the one to trace. Anything below that line was written by machines you don't control, and a spammer can forge it freely.
(You might have noticed that I've now received 30 attachments named "enano porno.exe"!)
: Stalking the Spammer :
With the originator's IP address in hand, we hop over to http://samspade.org to do the dirty work. You can do this from your own computer, but samspade provides many handy tools with a web interface.
I first conduct a Whois query, an IP block query and a Traceroute. The Whois query returns ownership information that sometimes tells you who owns the server that transmitted the email (which is typically the culprit's ISP's computer, unless the asshole is running his own mail server). The IP block query returns information about who owns the range of IP addresses into which our spammer falls. This is crucial for making contact upstream of the sender: the block owner's abuse or technical contact is the person to complain to. Finally, the Traceroute provides a transcript of the machines that lie between SamSpade.org and the target IP address.
Let's see what comes up from
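Here is how the two steps above (reading the originator's IP address and the receiving server's log id out of the full header, then handing the IP to whois) look as a script. This is an added example, not code from the original page or from SamSpade. The message it parses is constructed: the hostnames and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are documentation values standing in for real ones, and mail.example.net is an assumed final destination beyond acc.haverford.edu. The whois function is plain RFC 3912 over TCP port 43 and is the only part that needs a network connection; traceroute is left to the samspade.org page.

```python
"""Pick the originating IP, the receiving server's queue id and the Message-ID
out of a full e-mail header, then hand the IP to a whois server.
Added example, not part of the original page; the sample message is constructed."""
import re
import socket
from email import message_from_string
from typing import Dict, Iterable, List, Optional

# Constructed sample (RFC 5737 documentation addresses, made-up hostnames).
# Received: lines are newest-first, exactly as a mail client shows them.
# Note the second hop: the sender's HELO claims to be mail.example.net, but the
# receiving server's own reverse lookup shows mail.isp.example.mx [203.0.113.45].
SAMPLE_MESSAGE = """\
Received: from acc.haverford.edu (acc.haverford.edu [192.0.2.10])
    by mail.example.net with ESMTP id g6GEM2b00777
    for <me@example.net>; Mon, 16 Jul 2001 10:22:01 -0400
Received: from mail.example.net (mail.isp.example.mx [203.0.113.45])
    by acc.haverford.edu (8.11.0/8.11.0) with SMTP id f6GEM0a12345
    for <me@haverford.edu>; Mon, 16 Jul 2001 10:21:58 -0400
Received: from user-pc (unknown [198.51.100.9])
    by mail.isp.example.mx with SMTP id 42
From: "Hahaha" <nobody@example.org>
To: <me@haverford.edu>
Subject: constructed sample
Message-ID: <200107161421.f6GEM0a12345@acc.haverford.edu>

(body omitted)
"""

# Common sendmail/Postfix-style Received: layout; other MTAs vary.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"                                   # name the sender claimed in HELO
    r"(?:\s*\((?P<rdns>[^\s\[\]()]*)\s*"                      # name the receiver looked up
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\))?"                # IP the receiver actually saw
    r".*?\bby\s+(?P<by>[\w.-]+)"                              # server that wrote this line
    r"(?:.*?\bid\s+(?P<qid>[^\s;]+))?",                       # its queue/log id, if present
    re.IGNORECASE,
)


def parse_received(value: str) -> Optional[Dict[str, Optional[str]]]:
    flat = " ".join(value.split())        # unfold continuation lines
    m = RECEIVED_RE.match(flat)
    if not m:
        return None
    hop = m.groupdict()
    for key in ("helo", "rdns", "by"):    # hostnames are case-insensitive
        if hop[key]:
            hop[key] = hop[key].lower()
    return hop


def received_hops(raw_message: str) -> List[Dict[str, Optional[str]]]:
    msg = message_from_string(raw_message)
    return [h for h in map(parse_received, msg.get_all("Received", [])) if h]


def find_originator(raw_message: str, trusted_hosts: Iterable[str]) -> Optional[Dict[str, Optional[str]]]:
    """Walk the Received: lines from the top (our side) down and return the first
    hop where a server we trust accepted the message from one we don't.  The
    bracketed IP in that line was recorded by our own server, so the sender
    cannot forge it; every line below it was written by strangers."""
    trusted = {h.lower() for h in trusted_hosts}
    for hop in received_hops(raw_message):
        if hop["by"] not in trusted:
            return None                   # no trustworthy line found the handoff
        # Compare the receiver's reverse lookup, never the HELO name: the sender
        # chooses the HELO string and can claim to be one of our own hosts.
        if hop["rdns"] not in trusted and hop["ip"]:
            return hop
    return None


def message_id(raw_message: str) -> Optional[str]:
    return message_from_string(raw_message)["Message-ID"]


def whois(query: str, server: str = "whois.arin.net", timeout: float = 15.0) -> str:
    """RFC 3912 whois: send one line on TCP/43, read until the server closes.
    ARIN refers you to the other regional registries (RIPE, APNIC, ...) when the
    block is not its own; query the referred server the same way."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        parts = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            parts.append(data)
    return b"".join(parts).decode("utf-8", "replace")


if __name__ == "__main__":
    import sys
    hop = find_originator(SAMPLE_MESSAGE, {"mail.example.net", "acc.haverford.edu"})
    print("originator:", hop["ip"], "rDNS:", hop["rdns"], "HELO claimed:", hop["helo"])
    print("logged by:", hop["by"], "as queue id", hop["qid"])
    print("Message-ID:", message_id(SAMPLE_MESSAGE))
    if "--whois" in sys.argv:             # the network step is opt-in
        print(whois(hop["ip"]))
```

Run it with `--whois` to see the IP block owner; without the flag it only parses the embedded sample. The trust set is the one thing you must get right: it is the list of mail servers you know handled your mail (your ISP's or university's), and the script stops as soon as it meets a Received: line written by anyone else, because from that point on nothing in the header is verifiable.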