Return-Path: <owner-rsgb_lf_group@blacksheep.org>
Received: (qmail 16213 invoked from network); 2 Oct 2002 18:30:17 -0000
Received: from warrior.services.quay.plus.net (212.159.14.227)  by mailstore with SMTP; 2 Oct 2002 18:30:17 -0000
X-Priority: 3
X-MSMail-Priority: Normal
Received: (qmail 3831 invoked from network); 2 Oct 2002 18:30:30 -0000
Received: from post.thorcom.com (193.82.116.70)  by warrior.services.quay.plus.net with SMTP; 2 Oct 2002 18:30:30 -0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-SQ: A
Received: from majordom by post.thorcom.com with local (Exim 4.10) id 17woFG-0004ub-00 for rsgb_lf_group-outgoing@blacksheep.org; Wed, 02 Oct 2002 19:29:14 +0100
Received: from [205.188.157.39] (helo=imo-d07.mx.aol.com) by post.thorcom.com with esmtp (Exim 4.10) id 17woFG-0004uA-00 for rsgb_lf_group@blacksheep.org; Wed, 02 Oct 2002 19:29:14 +0100
Received: from WarmSpgs@aol.com by imo-d07.mx.aol.com (mail_out_v34.13.) id l.189.f1605a3 (4418) for <rsgb_lf_group@blacksheep.org>; Wed, 2 Oct 2002 14:28:41 -0400 (EDT)
From: WarmSpgs@aol.com
Message-ID: <189.f1605a3.2acc94d9@aol.com>
Date: Wed, 2 Oct 2002 14:28:41 EDT
To: rsgb_lf_group@blacksheep.org
MIME-Version: 1.0
X-Mailer: AOL 4.0 for Windows 95 sub 120
Subject: Re: LF: Dont open "Larry Kayer" msg  VIRUS
Content-Type: text/plain; charset=US-ASCII; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, hits=0.5 required=5.0tests=NO_REAL_NAMEversion=2.31
Sender: <owner-rsgb_lf_group@blacksheep.org>
Precedence: bulk
Reply-To: rsgb_lf_group@blacksheep.org
X-Listname: rsgb_lf_group

In a message dated 10/2/02 1:45:01 PM Eastern Daylight Time, dibene@usa.net 
writes:

<< Well, my virus checker didn't spot it. Probably it needs to be updated.
 I read the message, but did nothing about the attachment.
 Then, after reading the warnings, I deleted that message alltogether.
 Am I infected ? I used Mozilla to read the mail, so if the virus relies
 on security exposures of Outlook, I should be safe.
 Any advice based on direct experience on this ? >>

Yes, you probably are safe, Alberto.  There are only two ways for that file 
to cause damage.

One way is if the recipient has HTML rendering enabled, on an e-mail client 
that permits the IFRAME tag to work.  The code in the body of the message 
causes the file to execute in the background and infect the user's machine.  
Any e-mail client that has HTML rendering turned off (which you can do in 
Outlook, though "off" should really be the default), or one which does not 
implement the full HTML standard (Mozilla and Netscape, for example, plus the 
AOL e-mail client), or one which does not implement HTML at all, will only 
show the file as an attachment.

The second way the file could cause damage, even on non-HTML-enabled e-mail 
clients, is if the recipient downloads it, ignores the .pif extension, and 
tries to open it.  Then it is free to do its nefarious work.

73,
John