Return-Path: <majordom@post.thorcom.com> Received: (qmail 27053 invoked from network); 12 Jul 2002 09:55:40 -0000 Received: from warrior.services.quay.plus.net (212.159.14.227) by mailstore with SMTP; 12 Jul 2002 09:55:40 -0000 Received: (qmail 20043 invoked from network); 12 Jul 2002 09:54:58 -0000 X-MSMail-Priority: High Received: from post.thorcom.com (193.82.116.70) by warrior.services.quay.plus.net with SMTP; 12 Jul 2002 09:54:58 -0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-SQ: A Received: from majordom by post.thorcom.com with local (Exim 3.33 #2) id 17Sx5A-0007qv-00 for rsgb_lf_group-outgoing@blacksheep.org; Fri, 12 Jul 2002 10:51:24 +0100 Received: from smtp-1.visp.telinco.net ([212.1.130.1]) by post.thorcom.com with esmtp (Exim 3.33 #2) id 17Sx59-0007qq-00 for rsgb_lf_group@blacksheep.org; Fri, 12 Jul 2002 10:51:23 +0100 Received: from [212.1.152.32] (helo=standalone) by smtp-1.visp.telinco.net with smtp (Exim 3.32 #1) id 17Sx2h-0007aV-00 for rsgb_lf_group@blacksheep.org; Fri, 12 Jul 2002 10:48:52 +0100 Received: by localhost with Microsoft MAPI; Fri, 12 Jul 2002 10:50:29 +0100 Message-ID: <01C22991.F02D1BC0.g4jnt@thersgb.net> From: "Andy talbot" <g4jnt@thersgb.net> To: rsgb_lf_group@blacksheep.org Subject: LF: RE: More suspicious messages Date: Fri, 12 Jul 2002 10:50:27 +0100 Importance: high X-Priority: 1 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 8bit Precedence: bulk Reply-To: rsgb_lf_group@blacksheep.org X-Listname: rsgb_lf_group Sender: <majordom@post.thorcom.com> I've had one or two of these recently, often from unknown sources. I have always assumed it was caused by an incorrect HTML conversion setting, and deleted them without thinking any more. If the mesage was important and genuine the sender can always try again using plain text. Some people have taken to automatically deleteing HTML EMail on receipt. Andy G4JNT -----Original Message----- From: Alan Melia [SMTP:Alan.Melia@btinternet.com] Sent: 2002/07/11 20:44 To: LF-Group Subject: LF: More suspicious messages Hi all, I have just had a new one to me. I received an undelivered mail message, purporting to come from the "Mail Delivery System". Using techniques learned from Dave G3YMC, this look very suspicious it does not contain a message body relating to anything I have sent at any time. There inadequate information to identify the message so there is a tempation to open the attachment. The attachment looks very 'dodgy' being a 40k block of hex, which is disguised to be a WAV file but has one of those suspicious double extensions (i.e magazine.dat.bat ) I was fooled into opening the attachment originally and it crashed Outlook Express. I have since scanned with McAfee and it indicates I am not infected. This may be an innocent error, but I cynically suspect it is an attempt to get the user to open an extension and activate questionable code. If anyone knows different...please shoot me down, but in the meantime be carefull about supposedly "Undelivered Mail" messages. Cheers de Alan G3NYK alan.melia@btinternet.com