Return-Path: Received: (qmail 14764 invoked from network); 2 Oct 2002 15:47:51 -0000 Received: from murphys.services.quay.plus.net (212.159.14.225) by mailstore with SMTP; 2 Oct 2002 15:47:50 -0000 Content-Transfer-Encoding: 8bit Received: (qmail 1366 invoked from network); 2 Oct 2002 15:47:20 -0000 X-Priority: 3 X-MSMail-Priority: Normal Received: from post.thorcom.com (193.82.116.70) by murphys.services.quay.plus.net with SMTP; 2 Oct 2002 15:47:19 -0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-SQ: A Received: from majordom by post.thorcom.com with local (Exim 4.10) id 17wlgn-0004JT-00 for rsgb_lf_group-outgoing@blacksheep.org; Wed, 02 Oct 2002 16:45:29 +0100 Received: from [195.22.0.26] (helo=rhun.esoterica.pt) by post.thorcom.com with esmtp (Exim 4.10) id 17wlgn-0004JJ-00 for rsgb_lf_group@blacksheep.org; Wed, 02 Oct 2002 16:45:29 +0100 Received: from srv17slx.esoterica.pt (srv17slx.esoterica.pt [195.22.0.47]) by rhun.esoterica.pt (8.11.6/8.11.6) with ESMTP id g92FjQx03389 for ; Wed, 2 Oct 2002 16:45:26 +0100 (WEST) Received: from slave-6 (por219.esoterica.pt [195.22.5.219]) by srv17slx.esoterica.pt (8.11.6/8.11.6) with SMTP id g92FjQN08798 for ; Wed, 2 Oct 2002 16:45:26 +0100 (WET DST) Message-ID: <3.0.5.32.20021002154834.00a9d100@pop3.esoterica.pt> X-Sender: brian@pop3.esoterica.pt X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Wed, 02 Oct 2002 15:48:34 +0100 To: rsgb_lf_group@blacksheep.org From: "Brian Rogerson" In-reply-to: <000701c26a25$e0dcdbe0$ad217ad5@main> MIME-Version: 1.0 Subject: Re: LF: Dont open "Larry Kayer" msg VIRUS Content-Type: text/plain; charset=us-ascii; format=flowed X-Spam-Status: No, hits=-3.4 required=5.0tests=IN_REP_TOversion=2.31 Sender: Precedence: bulk Reply-To: rsgb_lf_group@blacksheep.org X-Listname: rsgb_lf_group Isn't it possible to trace this sort of thing back? Received: from host62-7-55-203.in-addr.btopenworld.com ([62.7.55.203] helo=j1r9b7) Doesn't this mean that the person who released "bugbear" is at least communicating with "btopenword"? Or is it now possible to generate a completely fictitious communication path header? Alternatively the originator may be in blissfully ignorance? I would be grateful if someone would comment. 73, Brian At 16:10 02/10/2002 +0100, you wrote: >Hi all the message purporting to come from Larry Kayser, who is now no >longer active on LF I believe contains a very suspicious attachment...see >Dave Sargents recent posting on a new virus. >It certinaly contains all the elements, although I have not updated my >checker yet, I was suspicious of the subject line which relates to a mail >about 12 months ago. The attachment is made to this seeming genuine message, >and has evaded any checks on the reflector. > >Cheers de Alan G3NYK >alan.melia@btinternet.com > > > > > > 73 Brian CT1DRP IN51QD 41 09 58N 08 39 13W http://homepage.esoterica.pt/~brian