Thank you very much for taking time to consider this question. What do you recommend for a general user who needs to trace the origin and route of TCP/IP data associated with an e-mail message? My SOHO computer is infected by some form of malware. The ISP's tech support could not resolve it; the relevant "abuse@" site has not responded to a query. For professional reasons, it is important that I make a diligent effort to track where any rerouted messages with confidential information may have ended up. I've done what I can with Traceroute and IP Lookup, and sites that provide guidance on tracing e-mails. I'm out of ideas.
Background: The balance of this message provides additional detail that may assist your assessment. I use a stand-alone system that runs both Mac and Windows; the webmail service was provided by a major ISP accessed via a standard router.
Indicators: There are three known indicators: (1) In creating a new e-mail message, the drop-down box in the "From" line generates a second bogus address just below my correct e-mail address; (2) For messages forwarded from my address, the anomaly transmits a duplicate copy of the message to an unknown mail server. (This was revealed when a message I forwarded with an incorrect address sent back a "Delivery Failed" notification.) (3) The ISP tech support staff accessed my system and attributed the anomaly to "spyware." When they could not remove the anomaly, they referred me to their "abuse@" site. That entity provided an automated response 10 days ago, and nothing since.
Status: To date, I have used the IP address generated by the return notice to identify public IP addresses. Test messages sent to the bogus e-mail address (which drops down from the From line) returned header information that identified the "original recipient" as an unknown UserID and mail server. Whois searches from several sites reported that the UserID and Host Name are "not found" or are non-existent. Before giving up, I'd like to know if there are other open source tools or tracing methods that a user with no training in computer forensics should try and can use reliably. Best,
PS: Please forgive my use of a pseudonym. But as a sole practitioner, this experience has left me gun shy about e-mail and submissions to websites. For the time being, I've switched to a more secure web-mail service and take other precautions that seem to make sense.
Software/Hardware used: Use both Mac and Windows with Parallels.
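The poster has been reading bounce headers by hand to find where the duplicate copies went. The following is an added example, not code from the poster or from any ISP tool, showing how to pull the hop-by-hop route out of a message's Received headers with Python's standard library. The message it parses is constructed here using RFC 5737 documentation addresses and example.com-style hostnames, so nothing in it refers to a real server. One caveat a practitioner would want: each mail server prepends its own Received line, so only the lines added by servers you trust (your own provider's) are reliable; anything below them could have been forged by the sender, and a negative or implausible delay between hops is a common sign of that.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample message: documentation-range IPs and example hostnames,
# laid out the way a real bounce or delivered message would arrive.
# Received headers are prepended, so the top line is the most recent hop.
SAMPLE = """Received: from mx3.example.net (mx3.example.net [203.0.113.9])
  by inbox.example.org with ESMTPS id abc123
  for <user@example.org>; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.example.com (unknown [198.51.100.4])
  by mx3.example.net with ESMTP id def456;
  Mon, 01 Jan 2024 10:00:02 +0000
Received: from [192.0.2.25] (helo=client.example.com)
  by relay.example.com with ESMTPA id ghi789;
  Mon, 01 Jan 2024 09:59:58 +0000
From: sender@example.com
To: user@example.org
Subject: test
Message-ID: <test-1@example.com>

body
"""

# "from <sending host> by <receiving host>" is the part of a Received line
# that carries the route; everything after the last ';' is the timestamp.
HOP_RE = re.compile(r"from\s+(?P<from>.+?)\s+by\s+(?P<by>\S+)", re.IGNORECASE)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def trace_received(raw_message):
    """Return the hops oldest-first: [{'from', 'ip', 'by', 'when'}, ...]."""
    msg = email.message_from_string(raw_message)
    hops = []
    # get_all returns the headers in file order (newest hop first).
    for value in msg.get_all("Received", []):
        # Folded header lines are joined; collapse the whitespace they leave behind.
        text = " ".join(value.split())
        m = HOP_RE.search(text)
        if not m:
            continue  # e.g. "Received: by ..." lines from local delivery agents
        ip_match = IP_RE.search(m.group("from"))
        when = None
        if ";" in text:
            try:
                when = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                when = None
        hops.append({
            "from": m.group("from"),
            "ip": ip_match.group(1) if ip_match else None,
            "by": m.group("by"),
            "when": when,
        })
    hops.reverse()  # origin first, final delivery last
    return hops


def hop_delays(hops):
    """Seconds between consecutive hops; a negative value is worth a second look."""
    delays = []
    for a, b in zip(hops, hops[1:]):
        if a["when"] is None or b["when"] is None:
            continue
        delays.append(int((b["when"] - a["when"]).total_seconds()))
    return delays


def relay_addresses(hops):
    """Distinct IPs that handed the message on, i.e. the ones to look up in whois."""
    seen = []
    for hop in hops:
        if hop["ip"] and hop["ip"] not in seen:
            seen.append(hop["ip"])
    return seen


if __name__ == "__main__":
    route = trace_received(SAMPLE)
    for hop in route:
        print(f"{hop['ip'] or '?':>15}  {hop['from']}  ->  {hop['by']}  at {hop['when']}")
    print("delays (s):", hop_delays(route))
    print("addresses to look up:", relay_addresses(route))
```

Paste the full raw source of the bounce (most webmail clients have a "show original" or "view source" option) in place of SAMPLE. The IP list is what to feed into whois; the hop list read top to bottom is the route, and the last hop you recognise as your own provider's server is the boundary below which the headers cannot be trusted.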