
Tracking down virus distributors for civil litigation

I am receiving the Klez worm almost daily. I have used programs like Sam Spade and Spam Punished to identify the sender's ISP. I have repeatedly contacted the ISP requesting their help in identifying the perpetrator but I only get the standard "thank you" e-mail in response.

Are there any federal law enforcement agencies that have an interest or responsibility in tracking these criminals? Have any victims, to your knowledge, been successful in civil litigation against the non-cooperative ISP?

You may not realize this, but the Klez worm spoofs the "from" address. It pretends to come from , but really has come from somewhere else.

Complaining to ISPs about Klez is not going to get you much sympathy. They do not generally do anything about this sort of incident -- Klez is too widespread, and they probably doubt that you have correctly identified the sender. I would suggest that you not waste more time on this. It is far more efficient to set up some sort of spam block with your ISP, if you can. Failing that, configure your e-mail program to delete those messages with the relevant subject lines used by Klez. You can find these listed at antivirus vendor sites. Since I started doing that in July 2002, I've caught about 60 copies. Once I had the most common subject lines configured, it has been a rare case of an example of Klez getting through to my inbox.

Federal law enforcement agencies will get involved in cases involving substantial financial losses. I suspect the cut-off is somewhere around $50,000 -- if you cannot prove losses superior to an amount like this, they do not have the resources to chase the authors of these critters.

I'm not aware of anyone taking an ISP to court over this, let alone winning a case. ISPs generally do not get involved in the content transmitted, except in cases of child pornography and national security. I would guess that the first thing the ISP's lawyers would do is question your capability to determine who actually sent the e-mail in question. Unless you had a lot of time and technical resources/experts on your side, as well as the cooperation of the critical links in the Internet chain between your machine and the "source," you'd have a tough time proving your case.

I know it can be frustrating dealing with these critters. At the same time, there are some things we can do and some things not worth the effort.

If you want to have an impact on the virus/worm problem, start locally by helping educate young people about the implications of writing these things.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Fighting back against virus writers

This was last published in January 2003
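An added illustration, not part of the original answer: the sketch below shows why the "from" address cannot identify the sender's ISP, and how a subject-line filter like the one described in the answer can be applied. The sample message, every domain and address, the placeholder subject line, and the function names are all constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message. From: names isp-a.example, yet the recipient's server
# logged isp-b.example. The oldest Received line is sender-supplied, untrusted.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
    by mail.recipient.example with ESMTP; Mon, 6 Jan 2003 10:00:02 -0500
Received: from dialup-77.isp-b.example (dialup-77.isp-b.example [198.51.100.77])
    by mx.recipient.example with SMTP; Mon, 6 Jan 2003 10:00:01 -0500
Received: from mail.isp-a.example (mail.isp-a.example [203.0.113.5])
    by dialup-77.isp-b.example with SMTP; Mon, 6 Jan 2003 09:59:59 -0500
From: Alice <alice@isp-a.example>
To: reader@recipient.example
Subject: PLACEHOLDER worm subject

(body omitted)
"""
# Placeholder entry; real subject lines come from antivirus vendor write-ups.
BLOCKED_SUBJECTS = {"placeholder worm subject"}
RECEIVED = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def boundary_hop(msg, own_domain):
    """Newest hop that one of our servers accepted from an outside host."""
    for hdr in msg.get_all("Received", []):
        m = RECEIVED.search(" ".join(hdr.split()))
        if m and in_domain(m[4], own_domain):
            peer = m[2] or m[1]
            if not in_domain(peer, own_domain):
                return peer.lower(), m[3]
    return None

def triage(raw, own_domain):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = boundary_hop(msg, own_domain)
    subject = " ".join(msg.get("Subject", "").split()).lower()
    return {
        "from_domain": from_domain,
        "origin": hop,
        # Mismatch is not proof of forgery; it shows From: cannot name the ISP.
        "from_matches_origin": bool(hop) and in_domain(hop[0], from_domain),
        "action": "delete" if subject in BLOCKED_SUBJECTS else "deliver",
    }
```

Calling `triage(SAMPLE, "recipient.example")` reports the host recorded by the recipient's own mail server as the origin, regardless of what the From header or older Received lines claim.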
