Return-Path:
Received: (qmail 19105 invoked from network); 12 Oct 2002 23:36:30 -0000
Received: from murphys.services.quay.plus.net (212.159.14.225)
    by mailstore with SMTP; 12 Oct 2002 23:36:30 -0000
Received: (qmail 756 invoked from network); 12 Oct 2002 23:35:45 -0000
Received: from post.thorcom.com (193.82.116.70)
    by murphys.services.quay.plus.net with SMTP; 12 Oct 2002 23:35:45 -0000
X-SQ: A
Received: from majordom by post.thorcom.com with local (Exim 4.10)
    id 180Vmw-0000uT-00 for rsgb_lf_group-outgoing@blacksheep.org;
    Sun, 13 Oct 2002 00:35:18 +0100
Received: from [194.73.73.92] (helo=carbon.btinternet.com)
    by post.thorcom.com with esmtp (Exim 4.10)
    id 180Vmw-0000uK-00 for rsgb_lf_group@blacksheep.org;
    Sun, 13 Oct 2002 00:35:18 +0100
Received: from host213-123-44-236.in-addr.btopenworld.com ([213.123.44.236] helo=main)
    by carbon.btinternet.com with smtp (Exim 3.22 #8)
    id 180Vmv-00026G-00 for rsgb_lf_group@blacksheep.org;
    Sun, 13 Oct 2002 00:35:17 +0100
Message-ID: <000501c27247$f7d26340$a34f7ad5@main>
From: "Alan Melia"
To: "LF-Group"
Date: Sun, 13 Oct 2002 00:31:47 +0100
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3110.5
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Subject: LF: Please check ....
Content-Type: text/plain; charset=iso-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=1.0 required=5.0
    tests=SPAM_PHRASE_00_01,USER_AGENT_OE
    version=2.42
X-Spam-Level: *
Sender:
Precedence: bulk
Reply-To: rsgb_lf_group@blacksheep.org
X-Listname: rsgb_lf_group

Hi all, it would seem that though not being sent through the Reflector, some reflector member's PC has been infected and is sending out quantities of infected mail.

The message mentioned by Andre is not from Mike, I believe, (someone else received a spoofed message with his name about 10 days ago.) but as Andre, Brian, and myself have received the same message today it would seem that someone's machine still has an undetected virus which is using his address list of Reflector members and/or message Inbox (which must be quite big for Mike changed his address some time ago, I only have an archive folder back to April 2002 ...not in the Inbox...and it is not in there.....I believe that Mike announced the change last year.....so whoever is infected has an enormous Inbox folder) to forge the instantly recognisable message with a 69kB attachment (a size that would not pass through the reflector).

If you have not already checked your machine with a data update at about 30th Sept 2002 or later please run a system scan. I am led to believe that NortonAV will not run properly when the PC is infected, but this is only anecdotal evidence. If you are in doubt please read back reflector mail from Dave G3YMC, which contains URLs with information.

Sorry to be a harbinger of bad news to someone.

Cheers de Alan G3NYK
alan.melia@btinternet.com