Security Basics mailing list archives

RE: Tracking down anonymous user


From: <jbeauford () EightInOnePet com>
Date: Fri, 29 Dec 2006 09:44:13 -0500

Another way to go about this is to find some unique part of the email
that may help identify the tool used to craft it.  For instance,
Ghostmail.  If you can identify the program used, in my case (GM.exe by
default), you might be able to search some filesystems for the
particular program.  Also, what about searching for all files accessed
on the date the email was sent?  The email was probably sent from some
admin machine. 

Just some thoughts.

JMB


mikef () everfast com wrote:
I thought it was odd that Outlook didn't display any header
information either. I checked for the headers at the recipient's
computer but it's blank. I've been through all the log files that I
have and made some adjustments for future requirements. The part that
really has me concerned is that the account used is a high level
account which should only be used for SQL processes.     
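
An added example, not part of the original messages: a triage sketch of the two searches suggested in the reply above, matching a known mailer executable by name (GM.exe is the one the reply mentions) and listing files whose access or modification time falls on the day the email was sent. The function name `triage`, the command-line form and the choice of Python are assumptions made for illustration; run it against a read-only mount or image copy, and treat access times as evidence only where the filesystem actually records them.

```python
import os
import sys
from datetime import date, datetime, time, timedelta


def triage(root, tool_names, sent_on):
    """Walk root and return (tool_hits, touched).

    tool_hits: paths whose file name matches a known mailer executable
               (case-insensitive, since Windows file names are).
    touched:   (path, [fields]) for files whose atime and/or mtime falls
               on sent_on, interpreted in the examiner's local time zone.
    """
    wanted = {n.lower() for n in tool_names}
    start = datetime.combine(sent_on, time.min).timestamp()
    end = datetime.combine(sent_on + timedelta(days=1), time.min).timestamp()
    tool_hits, touched = [], []
    # onerror swallows unreadable directories so one ACL denial
    # does not abort the whole sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # stat() only reads metadata; it does not open the file,
                # so it does not disturb the file's own access time.
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # locked or vanished file: skip it
            if name.lower() in wanted:
                tool_hits.append(path)
            stamps = (("atime", st.st_atime), ("mtime", st.st_mtime))
            on_day = [k for k, v in stamps if start <= v < end]
            if on_day:
                touched.append((path, on_day))
    return tool_hits, touched


if __name__ == "__main__":
    # Usage (hypothetical): python triage.py <root> <YYYY-MM-DD>
    root, day = sys.argv[1], date.fromisoformat(sys.argv[2])
    hits, touched = triage(root, ["GM.exe"], day)
    for p in hits:
        print("TOOL ", p)
    for p, fields in touched:
        print("DATE ", ",".join(fields), p)
```

A renamed executable defeats the name match, so hits from the date sweep are worth checking even when the tool search comes back empty.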

