
Detecting a Lovelorn-infected PC in the internal network

How do you detect a Lovelorn virus-infected PC in the internal network to stop its mass-mailing payload? Given that our firewall uses NAT to hide internal IP addresses, how do I go around this to determine the culprit?

As will always be the case, the first way to look for a virus is using a virus scanner. You should have up-to-date AV software installed on all your machines already, but it sounds like that is not the case. This may be a way to get more upper-management approval for a process of updating the AV software and ensuring that it is installed on all machines.

A few other things to try, courtesy of my friends in AVIEWS:

  • Perform a review of the firewall logs. Look for someone (other than the corporate e-mail server) sending quantities of port 25 traffic, especially after office hours.
  • Given that this worm also harvests e-mail addresses from Web pages, you could place a honeypot e-mail address on some common internal Web sites -- a non-visible "mailto:" tag is all it takes.
I hope this helps you track down the offending machine and stop it.
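The firewall-log review from the first suggestion, as an added example that is not part of the original answer: it counts outbound port 25 connections per internal source address, skips the corporate mail server, and ranks the remaining hosts by after-hours volume. The log format, addresses, office hours and threshold are constructed assumptions, and it presumes the firewall records the internal (pre-NAT) source address for each connection.

```python
import re
from collections import Counter
from datetime import datetime

# Assumptions (not from the original answer): adapt all of these to your site.
MAIL_SERVERS = {"10.1.1.10"}     # hosts that are allowed to send SMTP
OFFICE_HOURS = range(8, 18)      # 08:00-17:59 local time
THRESHOLD = 3                    # minimum port 25 connections to report

# Hypothetical log format: "<ISO timestamp> ALLOW TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ALLOW TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines; source addresses are the pre-NAT internal ones.
SAMPLE_LOG = """\
2003-07-14T10:02:11 ALLOW TCP 10.1.1.10:3301 -> 198.51.100.7:25
2003-07-14T10:05:40 ALLOW TCP 10.1.2.8:1190 -> 198.51.100.7:25
2003-07-14T10:06:02 ALLOW TCP 10.1.2.8:1191 -> 192.0.2.80:80
2003-07-14T17:55:19 ALLOW TCP 10.1.4.37:1044 -> 203.0.113.25:25
2003-07-14T23:41:03 ALLOW TCP 10.1.1.10:3302 -> 203.0.113.9:25
2003-07-15T02:13:05 ALLOW TCP 10.1.4.37:1045 -> 203.0.113.25:25
2003-07-15T02:13:06 ALLOW TCP 10.1.4.37:1046 -> 198.51.100.61:25
2003-07-15T02:13:08 ALLOW TCP 10.1.4.37:1047 -> 192.0.2.14:25
2003-07-15T02:13:09 ALLOW TCP 10.1.4.37:1048 -> 203.0.113.77:25
"""

def suspect_hosts(log_text, threshold=THRESHOLD):
    """Return (source, total_smtp, after_hours_smtp) for non-mail-server hosts."""
    total, after_hours = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip unparsable lines, non-SMTP traffic and the legitimate mail server.
        if not m or m["dport"] != "25" or m["src"] in MAIL_SERVERS:
            continue
        total[m["src"]] += 1
        if datetime.fromisoformat(m["ts"]).hour not in OFFICE_HOURS:
            after_hours[m["src"]] += 1
    # Rank by after-hours volume first, then by overall volume.
    return sorted(
        ((src, n, after_hours[src]) for src, n in total.items() if n >= threshold),
        key=lambda row: (-row[2], -row[1]),
    )

if __name__ == "__main__":
    for src, n, late in suspect_hosts(SAMPLE_LOG):
        print(f"{src}: {n} SMTP connections, {late} after hours")
```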


This was last published in July 2003
