Viruses and malware seem to come from just about everywhere.
If you mean in general, I have some thoughts.
If you mean where those specific emails came from, there’s no 100% reliable way to tell.
Become a Patron of Ask Leo! and go ad-free!
Where malware comes from
These days, malware comes from everywhere, from hacker-wannabes to professional criminal organizations worldwide. There’s no practical way for you and I to determine the source. The best strategy is to focus on prevention via strong security and a healthy dose of skepticism.
Sources of malware
We think of malware as being created by folks we call hackers or cybercriminals.
Their goal is to steal information they can then use to make money, or, as with ransomware, hold computers or information hostage, once again with payment as the goal.
Malware authors are everywhere. They range from students just causing mischief to professional hacking organizations pursuing a criminal online business.
Hackers are both foreign and domestic. The internet has enabled planetary reach for anyone regardless of where they’re located.
Malware can come from anyone, anywhere, and at any time.
It gets ever so slightly worse.
Malware often comes from people you know.
Individuals with questionable security hygiene don’t create malware, but they’re often a source in the sense that they’re responsible for spreading it.
This can take several forms.
- Their machine is infected and begins to spread malware either as a bot (typically by sending spam) or by attempting to infect other machines directly.
- Their online account is compromised and used by hackers to send malware.
- They forward malware via email without realizing they’ve done so.
In all these cases, it’s their security habits, or lack thereof, that end up spreading the malware to others.
If you’re getting malware via email, either your email address is in the address book of someone’s compromised online account or spammers have harvested your email address in any of a dozen other ways.
These days, it’s effectively impossible to determine where spam actually comes from.
The “From:” address is unreliable due to From spoofing. In short, spammers can just make it up, as it need not have any relationship to reality.
The email headers you don’t normally see can include additional information, but that, too, is easily spoofed or made irrelevant. For example, it might be your neighbor’s machine that appears in the headers, but only because their machine had become part of a spam-sending bot net. Aside from allowing their machine to be infected, your neighbor had nothing to do with it.
Don’t waste time trying to determine where malware and spam comes from. It’s typically impossible for the average person.
And above all, please don’t become a superspreader.
One thing that will help is to subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.