[Top] [All Lists]

RE: The "virus"

To: <>
Subject: RE: The "virus"
From: "James Fischer" <>
Date: Sat, 7 May 2005 21:53:55 -0400
> I seem to recall that its address is not simply
> There are some other characters after the mg-t part.

This is a dead give-away that the message did not come from
(or through) the list.  Another dead give-away is that many
of us, myself included, have yet to see even one of these
messages with an attachment carrying a virus payload.

> One of my  email filters looks for the string 'mg-t' and sorts
> it into my 'mg-t' folder.

...and more importantly, does not further examine the message,
which is exactly the behavior exploited by these viruses.

An authentic message will be sent from the proper server,
and will include the following line in the message header:

   "Received: from ("

Anything not from "" and with the ip address
listed above is bogus.

So, a list member's machine is infected, and the virus is
exploiting their address book and (nearly certainly) Outlook
Express or Outlook message folders to perhaps "reply" to a
posting using similar headers to messages it finds in the
message folders.


///  unsubscribe/change address requests to  or try
///  Archives at

<Prev in Thread] Current Thread [Next in Thread>