Hi. I would just like to know how to find the exact computer name or the place a worm (virus) like Bugbear.B comes from... Here is a copy of an e-mail with Bugbear.B, with source code. When I do a "whois" of 142.169.1.123, it just gives me the internet provider of this person. But it's not precise enough... I'm interested in it...
Thanks
MIME-Version: 1.0
Received: from mc3-f6.law16.hotmail.com ([65.54.236.141]) by mc3-s5.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Sat, 19 Jul 2003 07:23:57 -0700
Received: from dartagnan.telusquebec.com ([142.169.1.123]) by mc3-f6.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Sat, 19 Jul 2003 07:23:08 -0700
Received: from laigle (ts1-189.f1832.globetrotter.net [142.169.142.245]) by smtp.globetrotter.net (iPlanet Messaging Server 5.2) with SMTP id ; Sat, 19 Jul 2003 10:23:07 -0400 (EDT)
X-Message-Info: N4u0pqWW+O0FK/zWy/zAaJtag4N4KGPV
Date-warning: Date header was inserted by smtp.globetrotter.net
Return-Path: lindaprevostdesj@rocler.qc.ca
Message-ID:
X-OriginalArrivalTime: 19 Jul 2003 14:23:08.0647 (UTC) FILETIME=[46CFE770:01C34E01]

It appears to have originated from "lindaprevostdesj@rocler.qc.ca" via her mailserver "smtp.globetrotter.net",
but that could have been spoofed.

No, it's not this person. I forgot to mention that the Bugbear.B virus puts "fake" e-mail addresses as the sender (it takes them from the Outlook contact list of the infected user)... so it's not this person.

Unless you cut off more of the header, it looks like it came from the 142.169.142.245 IP address out of Canada. And whoever's machine is infected has the e-mail address of "lindaprevostdesj@rocler.qc.ca" in their Outlook address book.
They also have your e-mail address in their Outlook address book for some reason. So that might give you a clue who it is.
But the only thing you can do, if you continue to get infected e-mail from that IP address, is copy all the headers into an e-mail and send it to the abuse@ e-mail address of the ISP so that they can contact their user. Don't attach the e-mails as they will get deleted by their virus scanner, just include the header text in your e-mail and let them take care of it.
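
An added example, not part of any post in this thread: reading the quoted Received headers oldest-first to find the address that handed the message to the first relay, then building the headers-only abuse report described above. The helper names `hops` and `abuse_report` are hypothetical, and the pattern only covers the IPv4 `from X ([ip]) by Y` shape seen in this message.

```python
import re
from email import message_from_string

# Received and Return-Path headers copied from the message quoted in this thread.
RAW = """\
Received: from mc3-f6.law16.hotmail.com ([65.54.236.141]) by mc3-s5.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Sat, 19 Jul 2003 07:23:57 -0700
Received: from dartagnan.telusquebec.com ([142.169.1.123]) by mc3-f6.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Sat, 19 Jul 2003 07:23:08 -0700
Received: from laigle (ts1-189.f1832.globetrotter.net [142.169.142.245]) by smtp.globetrotter.net (iPlanet Messaging Server 5.2) with SMTP id ; Sat, 19 Jul 2003 10:23:07 -0400 (EDT)
Return-Path: lindaprevostdesj@rocler.qc.ca
"""

# helo: name the client announced (client-controlled, "laigle" here).
# rdns/ip: what the receiving server saw on the connection (written by that server).
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def hops(raw):
    """Return relay hops oldest first.

    Every server prepends its own Received line, so the last Received
    header in the message is the first hop the message took.
    """
    msg = message_from_string(raw)
    found = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        m = HOP.search(flat)
        if m:
            hop = m.groupdict()
            hop["when"] = flat.rsplit(";", 1)[-1].strip()  # server timestamp
            found.append(hop)
    return found

def abuse_report(raw):
    """Plain-text body for the ISP's abuse desk: headers only, no attachment."""
    first = hops(raw)[0]
    return (
        f"Infected mail was submitted from {first['ip']} to {first['by']} "
        f"at {first['when']}.\n\nFull headers:\n{raw.strip()}\n"
    )

if __name__ == "__main__":
    print(abuse_report(RAW))
```

The Return-Path and the announced name are supplied by the sending machine; only the bracketed address and timestamp were recorded by the relay, and the timestamp is what lets the ISP match the address to a subscriber if it is dynamically assigned.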

Hi Daniel,
The e-mail from dartagnan.telusquebec.com is from Canada. Telus is one of the major telephone providers in Canada. (Similar to AT&T in the States.) The telusquebec.com is from the province of Quebec. (However, it is usually telus.net not telus.com.) Here is a customer service phone number for Telus in Quebec, which you could or could not use to notify them that a customer is sending malicious e-mail out to the wild. (If it is them indeed or not.)
Customer Service
TELUS Québec
Téléphone : 1 877 520-1212
As I am in a Western province of Canada (Alberta, city of Calgary to be exact), Telus is VERY customer orientated and are VERY helpful. HOWEVER, if you are to phone Quebec, there may be some French options, just hold the line. Because French and English are the official languages of Canada there should be some English options.
Hope this helps,
K

Thanks, all of you! This website is so great! But I hope I can find a DOS command or something like that to find, one day, who sent me this virus... Viruses are becoming more and more "intelligent" but I still want to stop them! :o)
