detect programs sending silent email

Is there a program or command line script, etc. that will take and scan the computer to see if any program is using email to send out malware? I have a user who got a mass email from his contacts and wanted to make sure he/they are not spreading the virus/trojan via email.
Thanks!



Wireshark is very well known and free. There is a fairly steep learning curve.

From the website .....
Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It has a rich and powerful feature set and is the world's most popular tool of its kind. It runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.

https://www.wireshark.org/




thanks!



Microsoft Network Monitor might be a better choice - while Wireshark is superior in its packet analysis, MNM identifies which program traffic belongs to - so helping identify where a given email is coming from on the machine.
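
The two approaches above (filter the wire for mail traffic, as Wireshark does, and attribute that traffic to a process, as Network Monitor does) can be combined from the host side without a capture tool at all, because the OS already knows which PID owns each socket. The script below is an added example and is not from the thread or from any of the tools it mentions. It parses the output of `netstat -ano` on Windows and `ss -tnp` on Linux, flags TCP connections whose remote port is one of the usual mail ports (25, 465, 587), and groups the hits by PID. The sample outputs embedded in it are constructed so it runs offline; the `snapshot()` helper runs the real command. The column layouts assumed are those of the two tools' standard output; the process name is only available from `ss`, so for `netstat` you would look the PID up in Task Manager or with `tasklist /FI "PID eq <pid>"`.

```python
"""Attribute outbound SMTP connections to the process that owns them.

Added example for this thread, not code from Wireshark, Network Monitor or
Message Analyzer. Parses `netstat -ano` (Windows) and `ss -tnp` (Linux) and
reports TCP connections to the common mail ports, grouped by PID.
"""
import re
import subprocess
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Remote ports that a local mail client (or mail-sending malware) would use.
MAIL_PORTS = {25: "smtp", 465: "smtps", 587: "submission"}

# Constructed sample of `netstat -ano` output (Windows). UDP rows have no
# State column, which is why the parser only matches TCP rows.
SAMPLE_NETSTAT_WINDOWS = """Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49812     203.0.113.5:25         ESTABLISHED     4120
  TCP    192.168.1.20:49813     93.184.216.34:443      ESTABLISHED     2208
  TCP    192.168.1.20:49820     198.51.100.7:587       SYN_SENT        4120
  UDP    0.0.0.0:5353           *:*                                    1480
"""

# Constructed sample of `ss -tnp` output (Linux, run as root to see PIDs).
SAMPLE_SS_LINUX = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:41222      203.0.113.5:587    users:(("python3",pid=2231,fd=3))
ESTAB  0      0      10.0.0.5:41300      93.184.216.34:443  users:(("firefox",pid=1800,fd=55))
"""

# (pid, process name or None, local address, remote address, TCP state)
Row = Tuple[int, Optional[str], str, str, str]


@dataclass(frozen=True)
class Finding:
    pid: int
    process: Optional[str]
    local: str
    remote: str
    port: int
    service: str
    state: str


def split_host_port(addr: str) -> Tuple[str, int]:
    """Split '1.2.3.4:25' or '[::1]:25' into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port)


def parse_netstat_windows(text: str) -> List[Row]:
    """Parse `netstat -ano` rows; only TCP rows carry a State column."""
    pat = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
    rows: List[Row] = []
    for line in text.splitlines():
        m = pat.match(line)
        if m:
            local, remote, state, pid = m.groups()
            rows.append((int(pid), None, local, remote, state))
    return rows


def parse_ss_linux(text: str) -> List[Row]:
    """Parse `ss -tnp` rows; the Process column names the owning PID."""
    pat = re.compile(
        r'^\s*(\S+)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+users:\(\("([^"]+)",pid=(\d+)'
    )
    rows: List[Row] = []
    for line in text.splitlines():
        m = pat.match(line)
        if m:
            state, local, remote, name, pid = m.groups()
            rows.append((int(pid), name, local, remote, state))
    return rows


def find_mail_connections(rows: List[Row]) -> List[Finding]:
    """Keep only connections whose remote port is a mail port."""
    out: List[Finding] = []
    for pid, name, local, remote, state in rows:
        _, port = split_host_port(remote)
        if port in MAIL_PORTS:
            out.append(Finding(pid, name, local, remote, port, MAIL_PORTS[port], state))
    return out


def summarize(findings: List[Finding]) -> Dict[int, Set[str]]:
    """Group the mail services contacted by each PID."""
    by_pid: Dict[int, Set[str]] = {}
    for f in findings:
        by_pid.setdefault(f.pid, set()).add(f.service)
    return by_pid


def snapshot() -> List[Row]:
    """Run the real command for this platform and parse its output."""
    if sys.platform.startswith("win"):
        out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
        return parse_netstat_windows(out)
    out = subprocess.run(["ss", "-tnp"], capture_output=True, text=True, check=True).stdout
    return parse_ss_linux(out)


if __name__ == "__main__":
    rows = snapshot() if "--live" in sys.argv else (
        parse_netstat_windows(SAMPLE_NETSTAT_WINDOWS) + parse_ss_linux(SAMPLE_SS_LINUX))
    for f in find_mail_connections(rows):
        print(f"pid={f.pid} process={f.process or '?'} {f.local} -> {f.remote} ({f.service}, {f.state})")
    print("per-PID summary:", summarize(find_mail_connections(rows)))
```

Run with `--live` to look at the real socket table (as Administrator or root so PIDs are populated). It is a point-in-time snapshot, so loop it for a few minutes if the suspected sender connects in short bursts. Two caveats: a PID that turns out to be the user's normal mail client is not by itself proof of anything, and malware that sends through webmail or an HTTPS API will only show up on port 443, which this port list deliberately does not flag; for that case you are back to per-process traffic volume over time, which is where Network Monitor's per-program view or a full Wireshark capture helps.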



You could be right there Dave, however, according to this, Network Monitor has been replaced by Microsoft Message Analyzer.

What do you think?



MMA is a nightmare to get started - It can clearly do a lot more than MNM could, but while an unskilled user could get MNM up and running in seconds, it took me nearly half an hour to get traces reliably (I had to install intercept providers separately), and they lacked the per-program itemization that MNM gave. Your experience could be different of course; but I still recommend using the last (3.4) MNM from Microsoft's archive for people who just want to hit the ground running, and Wireshark if you want the in-depth dissectors that are still superior to those shipping with MMA.

MMA comes into its own if you are analyzing non-network traffic - it is a much more general protocol-analysis tool than either MNM or Wireshark, which are very IP-centric, but because of that, not very approachable for a non-expert in the field (and clearly given my struggles with it, I am not expert enough :D )
