Return-Path: Received: (qmail 23062 invoked from network); 3 Mar 2004 20:24:28 -0000 Received: from unknown (HELO ptb-mxscan01.plus.net) (212.159.14.235) by ptb-mailstore04.plus.net with SMTP; 3 Mar 2004 20:24:28 -0000 Received: (qmail 64002 invoked from network); 3 Mar 2004 20:24:27 -0000 X-Filtered-by: Plusnet (hmail v1.01) X-Spam-detection-level: 11 Received: from ptb-mxcore01.plus.net (212.159.14.215) by ptb-mxscan01.plus.net with SMTP; 3 Mar 2004 20:24:25 -0000 Received: from post.thorcom.com ([193.82.116.20]) by ptb-mxcore01.plus.net with esmtp (Exim 4.30; FreeBSD) id 1Aycun-000GPg-6e for dave@picks.force9.co.uk; Wed, 03 Mar 2004 20:24:25 +0000 X-Fake-Domain: majordom Received: from majordom by post.thorcom.com with local (Exim 4.14) id 1Ayctv-0006Pv-H3 for rs_out@blacksheep.org; Wed, 03 Mar 2004 20:23:31 +0000 Received: from [194.73.73.93] (helo=rhenium.btinternet.com) by post.thorcom.com with esmtp (Exim 4.14) id 1Ayctv-0006Pm-0N for rsgb_lf_group@blacksheep.org; Wed, 03 Mar 2004 20:23:31 +0000 Received: from [81.129.97.196] (helo=dellboy) by rhenium.btinternet.com with smtp (Exim 3.22 #25) id 1Ayctu-0001Fl-00 for rsgb_lf_group@blacksheep.org; Wed, 03 Mar 2004 20:23:30 +0000 X-Bad-Message-ID: no DNS (dellboy) Message-ID: <001301c4015d$ba815180$1f00a8c0@dellboy> From: "Dave Pick" To: rsgb_lf_group@blacksheep.org References: <000d01c40113$1cc51160$3704210a@Hugh> <001d01c40114$df4792c0$6507a8c0@Main> <6.0.1.1.0.20040303133121.01f63ec0@mail.btinternet.com> Date: Wed, 3 Mar 2004 20:25:53 -0000 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: Re: LF: Re: Re: Your software from G3XYM - virus ? Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on post.thorcom.com X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63 X-SA-Exim-Scanned: Yes Sender: Precedence: bulk Reply-To: rsgb_lf_group@blacksheep.org X-Listname: rsgb_lf_group X-SA-Exim-Rcpt-To: rs_out@blacksheep.org X-SA-Exim-Scanned: No; SAEximRunCond expanded to false X-PN-SPAMFiltered: yes X-Spam-Rating: 2 Damn clever these viruses, they send e-mails without your machine being switched on! ;-) Yes it did look like Netsky, mails with that one seem to total about 25k. What has to be borne in mind is that the "From" address on the virus mail is as bogus as the Subject, it is picked at random from the affected machine's address book. As most of us don't tend to have our own address in our address books it seems that whoever appears to have sent the mail is probably the least likely one to have actually done it! Who'd be daft enough to run a ".pif" attachment anyway? Surely no-one on this list??? Dave (computer in perfect health) G3YXM. ----- Original Message ----- From: Andrew Nunn To: rsgb_lf_group@blacksheep.org Sent: Wednesday, March 03, 2004 1:33 PM Subject: Re: LF: Re: Re: Your software from G3XYM - virus ? Hi all. This has all the hallmarks of the w32.netsky.d@mm mass-mailing worm. See: http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@mm.html 73 Andrew G8AXO -------------- It looks likely Hugh....I got a stange pif document that had been posted to the "outbox" at blacksheep.org ....I have alerted John...Dave might be wise to do a scan on his machine Cheers Alan G3NYK ----- Original Message ----- From: "Hugh M0WYE" To: Sent: 03 March 2004 11:31 Subject: LF: Re: Your software from G3XYM - virus ? > Hi All, > The posting with the subject "Re: Your software", purporting to come from > 'XYM looks a bit dodgy to me. > There is no text in the E-mail and it contains a .pif attachment, which I > think is some kind of executable. > Forgive me if I'm wrong, but you can't be too careful these days. > 73 > Hugh M0WYE > > > Andrew Nunn 1 Andrew Close, Leiston, Suffolk, IP16 4LE, England Tel/Fax: 01728 830462 International: +44 1728 830462 Mobile: 07753 840173 All outgoing e-mails scanned with Norton AntiVirus Professional Edition using virus definitions dated 02/03/2004 There are 10 kinds of people, those that understand binary and those that don't