Return-Path: Received: (qmail 16213 invoked from network); 2 Oct 2002 18:30:17 -0000 Received: from warrior.services.quay.plus.net (212.159.14.227) by mailstore with SMTP; 2 Oct 2002 18:30:17 -0000 X-Priority: 3 X-MSMail-Priority: Normal Received: (qmail 3831 invoked from network); 2 Oct 2002 18:30:30 -0000 Received: from post.thorcom.com (193.82.116.70) by warrior.services.quay.plus.net with SMTP; 2 Oct 2002 18:30:30 -0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-SQ: A Received: from majordom by post.thorcom.com with local (Exim 4.10) id 17woFG-0004ub-00 for rsgb_lf_group-outgoing@blacksheep.org; Wed, 02 Oct 2002 19:29:14 +0100 Received: from [205.188.157.39] (helo=imo-d07.mx.aol.com) by post.thorcom.com with esmtp (Exim 4.10) id 17woFG-0004uA-00 for rsgb_lf_group@blacksheep.org; Wed, 02 Oct 2002 19:29:14 +0100 Received: from WarmSpgs@aol.com by imo-d07.mx.aol.com (mail_out_v34.13.) id l.189.f1605a3 (4418) for ; Wed, 2 Oct 2002 14:28:41 -0400 (EDT) From: WarmSpgs@aol.com Message-ID: <189.f1605a3.2acc94d9@aol.com> Date: Wed, 2 Oct 2002 14:28:41 EDT To: rsgb_lf_group@blacksheep.org MIME-Version: 1.0 X-Mailer: AOL 4.0 for Windows 95 sub 120 Subject: Re: LF: Dont open "Larry Kayer" msg VIRUS Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, hits=0.5 required=5.0tests=NO_REAL_NAMEversion=2.31 Sender: Precedence: bulk Reply-To: rsgb_lf_group@blacksheep.org X-Listname: rsgb_lf_group In a message dated 10/2/02 1:45:01 PM Eastern Daylight Time, dibene@usa.net writes: << Well, my virus checker didn't spot it. Probably it needs to be updated. I read the message, but did nothing about the attachment. Then, after reading the warnings, I deleted that message alltogether. Am I infected ? I used Mozilla to read the mail, so if the virus relies on security exposures of Outlook, I should be safe. Any advice based on direct experience on this ? >> Yes, you probably are safe, Alberto. There are only two ways for that file to cause damage. One way is if the recipient has HTML rendering enabled, on an e-mail client that permits the IFRAME tag to work. The code in the body of the message causes the file to execute in the background and infect the user's machine. Any e-mail client that has HTML rendering turned off (which you can do in Outlook, though "off" should really be the default), or one which does not implement the full HTML standard (Mozilla and Netscape, for example, plus the AOL e-mail client), or one which does not implement HTML at all, will only show the file as an attachment. The second way the file could cause damage, even on non-HTML-enabled e-mail clients, is if the recipient downloads it, ignores the .pif extension, and tries to open it. Then it is free to do its nefarious work. 73, John