Return-Path: <majordom@post.thorcom.com>
Received: (qmail 11993 invoked from network); 11 Jul 2002 20:05:42 -0000
Received: from warrior.services.quay.plus.net (212.159.14.227)  by mailstore with SMTP; 11 Jul 2002 20:05:42 -0000
Received: (qmail 14132 invoked from network); 11 Jul 2002 20:04:49 -0000
Received: from post.thorcom.com (193.82.116.70)  by warrior.services.quay.plus.net with SMTP; 11 Jul 2002 20:04:49 -0000
X-SQ: A
Received: from majordom by post.thorcom.com with local (Exim 3.33 #2) id 17Sk7E-000697-00 for rsgb_lf_group-outgoing@blacksheep.org; Thu, 11 Jul 2002 21:00:40 +0100
Received: from protactinium.btinternet.com ([194.73.73.176]) by post.thorcom.com with esmtp (Exim 3.33 #2) id 17Sk7D-000692-00 for rsgb_lf_group@blacksheep.org; Thu, 11 Jul 2002 21:00:39 +0100
Received: from host62-7-44-161.in-addr.btopenworld.com ([62.7.44.161] helo=main) by protactinium.btinternet.com with smtp (Exim 3.22 #8) id 17Sk7C-0000gc-00 for rsgb_lf_group@blacksheep.org; Thu, 11 Jul 2002 21:00:38 +0100
Message-ID: <000201c22915$983bc0a0$a12c073e@main>
From: "Alan Melia" <Alan.Melia@btinternet.com>
To: "LF-Group" <rsgb_lf_group@blacksheep.org>
Subject: LF: More suspicious messages
Date: Thu, 11 Jul 2002 20:44:26 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Precedence: bulk
Reply-To: rsgb_lf_group@blacksheep.org
X-Listname: rsgb_lf_group
Sender: <majordom@post.thorcom.com>

Hi all, I have just had a new one to me. I received an undelivered mail
message, purporting to come from the "Mail Delivery System". Using
techniques learned from Dave G3YMC, this look very suspicious it does not
contain a message body relating to anything I have sent at any time. There
inadequate information to identify the message so there is a tempation to
open the attachment. The attachment looks very 'dodgy' being a 40k block of
hex, which is disguised to be a WAV file but has one of those suspicious
double extensions (i.e magazine.dat.bat )

I was fooled into opening the attachment originally and it crashed Outlook
Express. I have since scanned with McAfee and it indicates I am not
infected. This may be an innocent error, but I cynically suspect it is an
attempt to get the user to open an extension and activate questionable code.

If anyone knows different...please shoot me down, but in the meantime be
carefull about supposedly "Undelivered Mail" messages.

Cheers de Alan G3NYK
alan.melia@btinternet.com