How To Track the Source of Virus Attacks

Protecting your system from a virus attack is only half the job. How do you prevent it from happening again, not just to you but to other likely targets? It is possible to track down the source of an attack, and doing so gives you enough information to file an effective complaint or take other action. The main tools for this are DNS and WHOIS.

  1. Perform a reverse DNS look up. The Domain Name System (DNS) is the naming system that identifies computers, services and other resources on the Internet. Computers locate each other through IP (Internet Protocol) addresses, which for IPv4 are four numbers from 0 to 255 separated by dots, such as '192.0.2.10'. Numbers like these are hard for people to remember, so we use domain names instead, and DNS maps each name to one or more IP addresses (a forward look up). The reverse direction, IP address to name, is a separate record (a PTR record) that the holder of the IP address block chooses to publish or not, so many addresses have no reverse name at all, and a name that is published is not checked by anyone; treat a reverse name as trustworthy only when it resolves forward to the same IP address. If you operate a website from your own computer, one way to find the origin of a virus attack is by going through the web server logs, which record the IP address of every client that connected to your server together with what it requested. Keep in mind that this is the address of the connecting machine, which may be a proxy, a VPN exit or an infected computer rather than the attacker's own. Enter the IP address of the suspected computer in a reverse DNS look up tool and see whether it yields a domain name. With the domain name (or, if there is none, the IP address itself) you can now perform a WHOIS look up.
  2. Perform a WHOIS look up. WHOIS ('who is') look ups are similar to DNS look ups except that this time you are searching for the registered holder of a domain name or of an IP address block. They can be performed through web-based network utility tools or the command-line whois program. Enter the domain name you traced through the reverse DNS look up, or better the IP address itself: the regional Internet registry (ARIN, RIPE NCC, APNIC, LACNIC or AFRINIC) that allocated the address publishes the network's abuse contact, and that record exists even when the reverse look up returned nothing. Domain WHOIS records, by contrast, are often redacted or replaced by a privacy service, so they may not name anyone you can reach. A WHOIS look up will usually report contact information such as an abuse mailbox or the administrative or technical contact's email address. Send your complaint there, with the relevant log lines, timestamps (including the time zone) and the IP address, so the recipient can find the activity in their own records.
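The two steps above carried out with a script rather than web-based tools, as an added example that is not part of the original article. It reads client addresses out of a constructed web server log, builds the reverse DNS name, checks a reverse name against its forward resolution, and speaks the WHOIS protocol (RFC 3912) directly: first to whois.iana.org to learn which regional registry holds the IP address, then to that registry for the abuse contact. The log lines, the WHOIS reply text and all function names are constructed for this example; the parsing runs offline, while the live lookups in trace_ip need network access.

```python
"""Trace a suspicious client from web server logs to the abuse contact for its network.
Added example, not code from the original article; log lines, WHOIS reply and names are constructed."""
import ipaddress
import re
import socket
from collections import Counter

# Apache/nginx "combined" log format: the client address is the first field.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-login.php HTTP/1.1" 404 512
198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "POST /xmlrpc.php HTTP/1.1" 404 512
198.51.100.7 - - [10/Oct/2023:13:55:39 +0000] "GET /.env HTTP/1.1" 404 512
192.0.2.10 - - [10/Oct/2023:13:55:40 +0000] "GET /about.html HTTP/1.1" 200 1024
"""

# Constructed RIPE-style WHOIS reply, used for the offline parsing check only.
SAMPLE_WHOIS = """\
% Constructed reply, not output from any registry.
inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET
abuse-mailbox:  abuse@example.net
"""

ABUSE_FIELDS = ("abuse-mailbox", "orgabuseemail", "e-mail")  # RIPE/APNIC, ARIN, RIPE person objects
REFERRAL_FIELDS = ("refer", "referralserver", "whois")        # IANA (IPs), ARIN, IANA (TLDs)

def client_ips(log_text):
    """Count requests per client IP; lines that do not parse are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def reverse_name(ip):
    """The name a PTR query asks for: 10.2.0.192.in-addr.arpa for 192.0.2.10 (IPv6 handled too)."""
    return ipaddress.ip_address(ip).reverse_pointer

def reverse_lookup(ip):
    """PTR lookup through the system resolver; None when no PTR record exists (common)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_confirmed(ip, ptr_name, forward_addrs):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP.
    The address block's holder writes the PTR text, so an unconfirmed name is not evidence."""
    return ptr_name is not None and ip in forward_addrs

def whois_query(query, server, port=43, timeout=10):
    """Raw WHOIS protocol (RFC 3912): send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode() + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")

def parse_whois(text):
    """Return ((referral host, port) or None, contact emails) from a key: value reply."""
    referral, contacts = None, []
    for line in text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:   # registry comment lines
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in REFERRAL_FIELDS and referral is None:
            host = value.split("://")[-1].rstrip("/")        # ARIN: whois://host or rwhois://host:port
            host, _, port = host.partition(":")
            referral = (host, int(port) if port else 43)
        elif key in ABUSE_FIELDS:
            for email in re.findall(r"[\w.+-]+@[\w.-]+\.\w+", value):
                if email not in contacts:
                    contacts.append(email)
    return referral, contacts

def trace_ip(ip):
    """Live lookup: ask IANA which regional registry holds the IP, then that registry."""
    referral, _ = parse_whois(whois_query(ip, "whois.iana.org"))
    contacts = parse_whois(whois_query(ip, *referral))[1] if referral else []
    return reverse_lookup(ip), contacts

if __name__ == "__main__":
    import sys
    hits = client_ips(SAMPLE_LOG)
    suspect = hits.most_common(1)[0][0]
    print(f"{suspect}: {hits[suspect]} requests, PTR name {reverse_name(suspect)}")
    print("contacts in constructed reply:", parse_whois(SAMPLE_WHOIS))
    if len(sys.argv) > 1:                                     # network lookups only on request
        print(trace_ip(sys.argv[1]))
```

Querying the IP address rather than the domain name is deliberate: the registry record exists even for addresses with no PTR record, and it names the network's abuse mailbox, which is where the complaint should go. A PTR name that does not resolve back to the same address (forward_confirmed returning False) should not be cited as evidence, since whoever holds the address block can publish any text there.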

When a server or network is found to be the source of a virus attack, that does not necessarily mean its owner is the perpetrator. Quite possibly the server is being remotely controlled by someone else with malicious intent, or is one of many infected machines being driven from elsewhere. By informing the administrator that their server has been traced as a source of an attack, you give an innocent administrator the opportunity to clean up the system and put security measures in place.
