Helping people with computers... one answer at a time.

I am receiving identical emails with the same virus. Only the senders name is changing each time. Is it possible that it's coming from the same source and the identity is being changed? And if so, how can I track down the sender?

Well, with viruses being what they are, an being as pervasive as they are, it is quite possible that they're coming from the same source.

But it's also just as possible that they're not.

Some classes of virus do exactly what you describe: they randomly change the "From:" attribute of the mails that they send. They'll typically infect someone's machine, and raid their address book, using the addresses therein for both the "To:" line, to propagate the virus, and the "From:" line to obfuscate the source. Occasionally they'll also use the "Bcc:" line to confuse things even further - you suddenly get mail that's sent to someone else and your email address doesn't appear on it at all.

But the other scenario is also possible. Viruses tend to attack in waves. Particularly when a virus is new, and the anti-virus products haven't been updated to detect it, it can infect a large number of machines quickly. In this case you might well receive the same virus-laden email from several different sources in a short period of time.

Tracking down the source of either tends to be difficult, since spammers and virus writers these days go to great lengths to obfuscate that information. You can look at the raw email headers (how to get at them varies depending on your email client) and often see the path that the email took from machine to machine on its way to you. That may help some, but it often only leads to a general idea, such as "an ISP", rather than a specific individual or machine. It can be done, but it's not really easy to track all the way to the source.

My advice: delete 'em & carry on.

Article C2342 - April 27, 2005 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.