Many email viruses forge the ‘From’ address.  Instead of assuming that the email originated from the person listed in the From address, it is best to check the extra headers of the message (which are normally hidden) to see what machine the message originated from.  If it’s a machine on the Carnegie Mellon network, we can look up who the owner is and contact them.

 

First, turn on ‘full headers’:

In Outlook: double-click the message to view it in a separate window, then select View, Options.

 

In Mulberry: click the 'show headers' button, shown here:

 

Next, look for the bottommost ‘Received’ header:

Look for the last Received header, usually located right above the Date header.  Here’s an example:

 


In the example, the underlined part is the true sending machine, using IP address 24.52.46.60.

 

If the IP address starts with 128.2, then it’s a machine on the Carnegie Mellon network and the owner can be looked up by a sysadmin via the site http://netreg.net.cmu.edu.  Send the full headers either to advisor@andrew.cmu.edu or to me (esmiller@cmu.edu), who can then look up and contact the owner to let them know that their machine is infected.
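
The same check can be scripted over a saved message. This is an added example, not part of the original page: it reads the bottommost Received header and tests the address against 128.2.0.0/16. The sample headers and host names are constructed, and reading "starts with 128.2" as that /16 block is an assumption.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: "starts with 128.2" means the 128.2.0.0/16 block, not the string prefix.
CAMPUS_NET = ipaddress.ip_network("128.2.0.0/16")
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: host names are placeholders, 24.52.46.60 is the page's example IP.
SAMPLE = """\
Received: from mx.example.edu (mx.example.edu [128.2.10.20])
\tby mailbox.example.edu with ESMTP; Thu, 1 Jan 2004 10:00:02 -0500
Received: from homepc (unknown.example.net [24.52.46.60])
\tby mx.example.edu with SMTP; Thu, 1 Jan 2004 10:00:01 -0500
Date: Thu, 1 Jan 2004 10:00:00 -0500
From: forged.sender@example.org
Subject: constructed sample

body
"""


def originating_ip(raw_message):
    """Return the bracketed IP from the bottommost Received header, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Each relay prepends its own header, so the last entry is the earliest hop.
    match = BRACKETED_IP.search(received[-1])
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. [999.1.1.1]
        return None


def is_campus(ip):
    """True only for addresses inside 128.2.0.0/16 (128.20.x.x does not count)."""
    return ip is not None and ip in CAMPUS_NET


def triage(raw_message):
    ip = originating_ip(raw_message)
    if ip is None:
        return "no usable Received header"
    return f"{ip}: {'campus, look up owner' if is_campus(ip) else 'off-campus'}"


if __name__ == "__main__":
    print(triage(SAMPLE))
```

A plain string comparison on "128.2" would also match addresses such as 128.20.x.x, which is why the check uses the network block.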