> I seem to recall that its address is not simply firstname.lastname@example.org.
> There are some other characters after the mg-t part.
This is a dead give-away that the message did not come from
(or through) the list. Another dead give-away is that many
of us, myself included, have yet to see even one of these
messages with an attachment carrying a virus payload.
> One of my email filters looks for the string 'mg-t' and sorts
> it into my 'mg-t' folder.
...and more importantly, does not further examine the message,
which is exactly the behavior exploited by these viruses.
An authentic message will be sent from the proper server,
and will include the following line in the message header:
"Received: from autox.team.net (22.214.171.124)"
Anything not from "autox.team.net" and with the ip address
listed above is bogus.
So, a list member's machine is infected, and the virus is
exploiting their address book and (nearly certainly) Outlook
Express or Outlook message folders to perhaps "reply" to a
posting using similar headers to messages it finds in the
/// unsubscribe/change address requests to email@example.com or try
/// Archives at http://www.team.net/archive/mg-t