Who sent me this virus?

Robert Scott robert.scott@tunelab-world.com
Tue, 03 Feb 2004 11:09:43 -0500


When you receive an e-mail containing a virus, the "from" address is 
almost always fake, chosen from the address book of the infected 
computer.  So just because there are e-mails that appear to be coming from 
R. Brekne, that does not mean that they came from there.  They could have 
been sent from anyone who happens to have his e-mail address in their 
computer.  A more reliable indicator of where a virus came from is the 
originating IP address in the header, like 206.168.112.96 which represents 
"bridget.rudoff.com", which is where the pianotech digest e-mails come 
from.  (You may have to dig a little to see that header, depending on what 
e-mail program you use.)  So what can you do with an IP address?  Well, 
you can try to look it up using one of the reverse lookup sites, such as:

    http://cello.cs.uiuc.edu/cgi-bin/slamm/ip2name

I use it so much I have it bookmarked.  If the e-mail came from a 
subscriber to a big ISP, then the lookup can tell you which ISP it was.  I 
can't identify the subscriber, because IP addresses are reused by all the 
subscribers to a given ISP.  But if the lookup says "mail.broadpark.no" 
then you can suspect that maybe it did come from R. Brekne.  Of course, if 
the lookup gives you "mail.yahoo.com" then the field of possible senders 
is much larger.  All that being said, it seems that most of the virus 
e-mails that I have been getting lately are coming from IP addresses for 
which the reverse lookup fails.  Oh well...

Robert Scott
Ypsilanti, Michigan
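The header check the post describes, written out as an added example (not Robert Scott's code, nor anything from the PTG archive): parse the Received headers of a constructed message, take the connecting IP that our own outermost mail server recorded, and try the reverse lookup on it. The sample message, the host mx.example.org and the address 192.0.2.44 are constructed; only 206.168.112.96 / bridget.rudoff.com comes from the post.

```python
import email
import re
import socket

# Constructed sample (not a real message). Mail servers prepend Received
# headers, so the top one is the newest hop, the bottom one the oldest.
# 192.0.2.44 is a documentation-range address, not a real host.
RAW_MESSAGE = b"""\
From: "Spoofed Sender" <someone@example.net>
To: robert.scott@tunelab-world.com
Subject: test
Received: from bridget.rudoff.com (bridget.rudoff.com [206.168.112.96])
\tby mx.example.org with ESMTP; Tue, 03 Feb 2004 10:00:00 -0500
Received: from unknown (HELO localhost) (192.0.2.44)
\tby bridget.rudoff.com with SMTP; Tue, 03 Feb 2004 09:59:00 -0500

body
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def received_ips(raw):
    """Connecting IP recorded in each Received header, top (newest) first."""
    msg = email.message_from_bytes(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = IPV4_RE.search(hdr)
        ips.append(m.group(1) if m else None)
    return ips


def originating_ip(raw, trusted_hops=1):
    """IP that our outermost trusted server saw connecting. The top
    `trusted_hops` Received headers were added by our own servers; anything
    below them was written by other parties and can be forged, like From."""
    ips = received_ips(raw)
    if len(ips) < trusted_hops:
        return None
    return ips[trusted_hops - 1]


def reverse_lookup(ip):
    """PTR lookup; None when it fails, which the post notes is common."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


if __name__ == "__main__":
    ip = originating_ip(RAW_MESSAGE)
    print("From header:", email.message_from_bytes(RAW_MESSAGE)["From"])
    print("originating IP:", ip, "->", reverse_lookup(ip))
```

With one trusted hop (mx.example.org) the originating address is 206.168.112.96, the digest server the post names, even though the From header says something else.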

This PTG archive page provided courtesy of Moy Piano Service, LLC