Return-Path: Received: (qmail 11993 invoked from network); 11 Jul 2002 20:05:42 -0000 Received: from warrior.services.quay.plus.net (212.159.14.227) by mailstore with SMTP; 11 Jul 2002 20:05:42 -0000 Received: (qmail 14132 invoked from network); 11 Jul 2002 20:04:49 -0000 Received: from post.thorcom.com (193.82.116.70) by warrior.services.quay.plus.net with SMTP; 11 Jul 2002 20:04:49 -0000 X-SQ: A Received: from majordom by post.thorcom.com with local (Exim 3.33 #2) id 17Sk7E-000697-00 for rsgb_lf_group-outgoing@blacksheep.org; Thu, 11 Jul 2002 21:00:40 +0100 Received: from protactinium.btinternet.com ([194.73.73.176]) by post.thorcom.com with esmtp (Exim 3.33 #2) id 17Sk7D-000692-00 for rsgb_lf_group@blacksheep.org; Thu, 11 Jul 2002 21:00:39 +0100 Received: from host62-7-44-161.in-addr.btopenworld.com ([62.7.44.161] helo=main) by protactinium.btinternet.com with smtp (Exim 3.22 #8) id 17Sk7C-0000gc-00 for rsgb_lf_group@blacksheep.org; Thu, 11 Jul 2002 21:00:38 +0100 Message-ID: <000201c22915$983bc0a0$a12c073e@main> From: "Alan Melia" To: "LF-Group" Subject: LF: More suspicious messages Date: Thu, 11 Jul 2002 20:44:26 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Precedence: bulk Reply-To: rsgb_lf_group@blacksheep.org X-Listname: rsgb_lf_group Sender: Hi all, I have just had a new one to me. I received an undelivered mail message, purporting to come from the "Mail Delivery System". Using techniques learned from Dave G3YMC, this look very suspicious it does not contain a message body relating to anything I have sent at any time. There inadequate information to identify the message so there is a tempation to open the attachment. The attachment looks very 'dodgy' being a 40k block of hex, which is disguised to be a WAV file but has one of those suspicious double extensions (i.e magazine.dat.bat ) I was fooled into opening the attachment originally and it crashed Outlook Express. I have since scanned with McAfee and it indicates I am not infected. This may be an innocent error, but I cynically suspect it is an attempt to get the user to open an extension and activate questionable code. If anyone knows different...please shoot me down, but in the meantime be carefull about supposedly "Undelivered Mail" messages. Cheers de Alan G3NYK alan.melia@btinternet.com