Rocky (Posted June 24, 2003)
I have no clue why someone would specifically target me with a virus, sending me it in an email with a "Island thunder" subject line, takes all sorts I suppose. Anyway, if anyone has the skills to backtrack an email and knows when an email has been spoofed and such like, here's the message header.

Return-Path: <joe@joegraff.com>
Received: from mr10.verisignmail.com (vmmrnat.verisignmail.com [216.168.230.187])
    by cd-mate.com (8.11.6/8.11.6) with ESMTP id h5O05C419984
    for <Rocky@ghostrecon.net>; Tue, 24 Jun 2003 01:05:12 +0100
Received: from ms3.verisignmail.com (ms3.verisignmail.com [216.168.230.176] (may be forged))
    by mr10.verisignmail.com (Mirapoint Messaging Server MOS 3.2.2-GA)
    with ESMTP id ABV43315; Mon, 23 Jun 2003 20:14:31 -0400 (EDT)
Received: from Glpuyctm (ip68-98-173-130.nv.nv.cox.net [68.98.173.130])
    by ms3.verisignmail.com (Mirapoint Messaging Server MOS 3.2.2-GA)
    with SMTP id AJF19001; Mon, 23 Jun 2003 20:14:21 -0400 (EDT)
Date: Mon, 23 Jun 2003 20:14:21 -0400 (EDT)
Message-Id: <200306240014.AJF19001@ms3.verisignmail.com>
From: jrpmopar <jrpmopar@chartertn.net>
To: Rocky@ghostrecon.net
Subject: Island Thunder now.
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary=Y3W4nl6NE6464DLp34Zj55F8x8F937K44R7C
Status:

--Y3W4nl6NE6464DLp34Zj55F8x8F937K44R7C
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD></HEAD><BODY>
<iframe src=3Dcid:Lkxc3X72 height=3D0 width=3D0>
</iframe>
<FONT></FONT></BODY></HTML>

--Y3W4nl6NE6464DLp34Zj55F8x8F937K44R7C
Content-Type: audio/x-wav;
    name=ghostrecon[1].pif
Content-Transfer-Encoding: base64
Content-ID: <Lkxc3X72>

firefly2442 (Posted June 24, 2003)
Try a traceroute on the IP, if it's the actual IP...it may just lead back to the ISP but you might get lucky.

NightCrawler (Posted June 24, 2003)
Try this one Rocky, it might be of some help.
http://visualroute.visualware.com/

Specter (Posted June 24, 2003)
The site that NC mentioned has an awesome program called Visual Email Tracker. It should give you what you need. Chances are though, the info in the header and the addy are forged, but that proggy is your best shot at it.
Edited June 24, 2003 by phantom110565

WytchDokta (Posted June 24, 2003)
I get emails like that sometimes. They have subject lines like: "Helhuklo wekliicome to myei hjyouse". You can tell it's a virus because when you open them they're blank, and the subject line is all jumbled-up letters that don't make sense. When I receive 'em they go straight in the bin. Norton Anti-Virus 2003 is good at finding those virus emails and stopping them. That's why I got it.

Rocky (Posted June 24, 2003)
Quote (.:Nightmare:., Jun 24 2003, 08:26): I get emails like that sometimes.
That was my point though - this was not a standard virus spammed out to thousands of unknown people, this was a single virus designed and targeted specifically for Rocky - complete with GhostRecon and Island Thunder wording to fool me into opening it. Except I ain't as much a fool as the dope that sent it.

Rocky (Posted June 24, 2003)
Quote: The site that NC mentioned has an awesome program called Visual Email Tracker.
Ah, I didn't know they had that tool. I tried it and it just gave me a few lines about headers that were probably faked etc etc, nothing concrete to go on at all.

NightCrawler (Posted June 25, 2003)
Have you run a Google search for anything else?

Specter (Posted June 25, 2003)
Tracking emails can be tough without some very sophisticated, and sometimes very expensive, programs. It's too easy to forge headers and piggyback addresses.

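The header from the first post, read hop by hop (an added example, not code from any poster in this thread). Each Received line is written by the server named after "by", so the HELO name, From and Return-Path are sender-supplied while the bracketed IP is what that server saw on the connection. The function names are this example's own, and it assumes the "from HELO (rDNS [IP]) by HOST" layout used in that header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the first post in this thread (MIME body left out).
RAW = """\
Return-Path: <joe@joegraff.com>
Received: from mr10.verisignmail.com (vmmrnat.verisignmail.com [216.168.230.187])
    by cd-mate.com (8.11.6/8.11.6) with ESMTP id h5O05C419984
    for <Rocky@ghostrecon.net>; Tue, 24 Jun 2003 01:05:12 +0100
Received: from ms3.verisignmail.com (ms3.verisignmail.com [216.168.230.176] (may be forged))
    by mr10.verisignmail.com (Mirapoint Messaging Server MOS 3.2.2-GA)
    with ESMTP id ABV43315; Mon, 23 Jun 2003 20:14:31 -0400 (EDT)
Received: from Glpuyctm (ip68-98-173-130.nv.nv.cox.net [68.98.173.130])
    by ms3.verisignmail.com (Mirapoint Messaging Server MOS 3.2.2-GA)
    with SMTP id AJF19001; Mon, 23 Jun 2003 20:14:21 -0400 (EDT)
From: jrpmopar <jrpmopar@chartertn.net>
Subject: Island Thunder now.
"""

# HELO is whatever the client claimed; rDNS and IP are what the receiver observed.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]"
                 r".*?\)\s+by\s+(?P<by>\S+)", re.S)

def received_chain(raw):
    """Hops newest-first, one per Received header that fits the assumed layout."""
    msg = message_from_string(raw)
    return [m.groupdict() for h in msg.get_all("Received", []) if (m := HOP.search(h))]

def chain_is_consistent(chain):
    """Each hop's writer ("by") must be the sender ("from") of the hop above it."""
    return all(older["by"] in (newer["helo"], newer["rdns"])
               for newer, older in zip(chain, chain[1:]))

def summarise(raw):
    msg, chain = message_from_string(raw), received_chain(raw)
    first = chain[-1]  # oldest hop: the first relay describing the submitting machine
    envelope = parseaddr(msg["Return-Path"])[1].split("@")[-1].lower()
    header = parseaddr(msg["From"])[1].split("@")[-1].lower()
    return {
        "consistent": chain_is_consistent(chain),
        "origin_ip": first["ip"],
        "origin_rdns": first["rdns"],
        "helo_matches_rdns": first["helo"].lower() == first["rdns"].lower(),
        "sender_domains_differ": envelope != header,
    }

if __name__ == "__main__":
    print(summarise(RAW))
```

The origin IP is only as trustworthy as the relay that recorded it; here ms3.verisignmail.com wrote that line, and the two hops above it link up with it.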