Hi all. One of my past times is the computer game Diablo 2. Recently, our board has been 'spammed' and it's administrator, Morgana, has been plagued by e-mails with viruses attached (I presume). I'm just curious whether there was anyone here (administrators especially) that could offer expertise to help Morgana, our damsel in distress? This is her request:

Apr-16-02, 11:36 AM (CNT)
 "I need some help please"
        I am still receiving a virus attachment via email. If somoene can help me trace this one, I would really appreciate it. I will attach the email headers on this post. The virus is called worm_kler.exe

        the headers is as follows:

        Return-Path:
        Delivered-To: [email protected]
        Received: (qmail 18540 invoked from network); 16 Apr 2002 05:00:11 -0000
        Received: from unknown (HELO ammis03.alpha-mail.net) (63.164.93.119)
        by hydrogen.gamesquad.net with SMTP; 16 Apr 2002 05:00:11 -0000
        Received: from ammis02.alpha-mail.net (ammis02 <63.164.93.121>)
        by ammis03.alpha-mail.net (8.11.6/3.7W) with SMTP id g3G4xxF07247
        for ; Tue, 16 Apr 2002 13:59:59 +0900
        Received: from Hxctsfrh (<210.86.40.42>)
        by ammpri.alpha-mail.net (8.11.6/3.7W) with SMTP id g3G4x5p00698
        for ; Tue, 16 Apr 2002 13:59:06 +0900
        Date: Tue, 16 Apr 2002 13:59:06 +0900
        Message-Id: <[email protected]>
        From: support
        To: [email protected]
        MIME-Version: 1.0
        Content-Type: multipart/mixed;
        boundary="----=_NextPartTM-000-7934850c-7f03-4414-88fd-e896ccf9d1d6"

        Return-Path:
        Delivered-To: [email protected]
        Received: (qmail 18540 invoked from network); 16 Apr 2002 05:00:11 -0000
        Received: from unknown (HELO ammis03.alpha-mail.net) (63.164.93.119)
        by hydrogen.gamesquad.net with SMTP; 16 Apr 2002 05:00:11 -0000
        Received: from ammis02.alpha-mail.net (ammis02 <63.164.93.121>)
        by ammis03.alpha-mail.net (8.11.6/3.7W) with SMTP id g3G4xxF07247
        for ; Tue, 16 Apr 2002 13:59:59 +0900
        Received: from Hxctsfrh (<210.86.40.42>)
        by ammpri.alpha-mail.net (8.11.6/3.7W) with SMTP id g3G4x5p00698
        for ; Tue, 16 Apr 2002 13:59:06 +0900
        Date: Tue, 16 Apr 2002 13:59:06 +0900
        Message-Id: <[email protected]>
        From: support
        To: [email protected]
        MIME-Version: 1.0
        Content-Type: multipart/mixed;
        boundary="----=_NextPartTM-000-7934850c-7f03-4414-88fd-e896ccf9d1d6"

etc

Anyway, this is posted at D2Realm:

http://d2realm.com/cgi-bin/dcforum/dcboard.cgi

Thanks... any help would be appreciated!!

I have a friend who could use an answer to this as well. He's a gamer getting spammed with email virii.

Not sure if this is exactly what you need, but it's an IP tracing tool:

[url]http://www.all-nettools.com/tools1.htm[/url]

Thanks Metal_Head,

I'll copy and paste your lead in her forum.

________________________

If anyone else can help or has possible tips, please post. Thanks all!

The IP address 63.164.93.121 belongs to "alpha-mail.net", which is a Japanese ISP.  Unless the ISP is helpful, that will probably dead-end the search.

Thanks 71-Hour_Achmed! I'll relay that info!!!

[b][size=6][red]LINUX RULZ!!![/red][/size=6][/b]

Linux does not make you bullet proof.  I bet you 1000 bucks I can get root on your box in an hour or less...