
Can I tell where these virus emails are coming from?

I am receiving identical emails with the same virus. Only the
sender's name is changing each time. Is it possible that it’s coming from the
same source and the identity is being changed? And if so, how can I track down
the sender?

Well, with viruses being what they are, and being as pervasive as they are,
it is quite possible that they’re coming from the same source.

But it’s also just as possible that they’re not.


Some classes of virus do exactly what you describe: they randomly change the
“From:” attribute of the mails that they send. They’ll typically infect
someone’s machine, and raid their address book, using the addresses therein for
both the “To:” line, to propagate the virus, and the “From:” line to obfuscate
the source. Occasionally they’ll also use the “Bcc:” line to confuse things
even further – you suddenly get mail that’s sent to someone else and your email
address doesn’t appear on it at all.

But the other scenario is also possible. Viruses tend to attack in waves.
Particularly when a virus is new, and the anti-virus products haven’t been
updated to detect it, it can infect a large number of machines quickly. In this
case you might well receive the same virus-laden email from several different
sources in a short period of time.

Tracking down the source of either tends to be difficult, since spammers and
virus writers these days go to great lengths to obfuscate that information. You
can look at the raw email headers (how to get at them varies depending on your
email client) and often see the path that the email took from machine to
machine on its way to you. That may help some, but it often only leads
to a general idea, such as “an ISP”, rather than a specific individual or
machine. It can be done, but it’s not really easy to track all the way to the

My advice: delete ’em & carry on.
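
The raw "Received:" headers mentioned above can at least show whether several of these messages entered your mail provider from the same machine. The following is an added example, not part of the original article: it reads the hops your own provider recorded and ignores anything below them, since a sender can forge those lines. The trusted suffix `.mail.example.net`, the `sample` helper and all message text are constructed assumptions.

```python
import re
from collections import defaultdict
from email import message_from_string

TRUSTED_SUFFIX = ".mail.example.net"  # assumption: your own provider's servers

# Pulls the claimed name, the recorded IP and the receiving server from one hop.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?by\s+(?P<by>[^\s;]+)", re.S)

def hops(raw):
    """Return the Received hops, newest first, as dicts of helo/ip/by."""
    values = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(HOP_RE.search, values) if m]

def handoff_ip(raw, trusted=TRUSTED_SUFFIX):
    """IP that handed the mail to the first server we trust, or None."""
    boundary = None
    for hop in hops(raw):
        if not hop["by"].endswith(trusted):
            break  # written by a server we do not control: may be forged
        boundary = hop
    return boundary["ip"] if boundary else None

def group_by_handoff(raw_messages):
    """Map each hand-off IP to the From: addresses that arrived through it."""
    groups = defaultdict(list)
    for raw in raw_messages:
        groups[handoff_ip(raw)].append(message_from_string(raw)["From"])
    return dict(groups)

def sample(sender, connecting_ip, forged=""):
    """Build one constructed raw message (not real mail)."""
    return (
        "Received: from mx1.mail.example.net (mx1.mail.example.net [192.0.2.10])\n"
        "\tby store.mail.example.net with ESMTP; Mon, 1 Jan 2024 10:00:05 +0000\n"
        f"Received: from pc (unknown [{connecting_ip}])\n"
        "\tby mx1.mail.example.net with SMTP; Mon, 1 Jan 2024 10:00:03 +0000\n"
        f"{forged}From: {sender}\nSubject: Your document\n\nSee attachment.\n")

# A sender-supplied hop that should be ignored when finding the hand-off.
FORGED = ("Received: from mail.bank.example ([198.51.100.99])\n"
          "\tby relay.bank.example; Mon, 1 Jan 2024 09:59:00 +0000\n")
SAMPLES = [sample("alice@example.org", "203.0.113.7"),
           sample("bob@example.com", "203.0.113.7", FORGED),
           sample("carol@example.net", "198.51.100.22")]

if __name__ == "__main__":
    for ip, senders in group_by_handoff(SAMPLES).items():
        print(ip, senders)
```

Messages that share a hand-off IP reached your provider from the same machine regardless of their "From:" lines, though that address usually identifies an ISP or relay rather than a person.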
