Message-ID: <3FCDBE16.70503@usa.net>
Date: Wed, 03 Dec 2003 11:42:30 +0100
From: "Alberto di Bene"
To: rsgb_lf_group@blacksheep.org
References: <3FCD9399.17276.C1B38@localhost>
In-reply-to: <3FCD9399.17276.C1B38@localhost>
Subject: Re: LF: PAYPAL e-mail virus threat

Mike Dennison wrote:

>This is not really necessary. My copy of Norton has found
>and stopped the virus every time I have received it. Also,
>my understanding is that the virus asks you to enter bank
>details. This is a request that is easily ignored.

It looks like there are two versions of this scam/virus. The first simply asks you to enter the details of your bank account, which nobody in his right mind would ever do.

The second version, the one with the virus, asks you to execute an attached program, which is described as a security measure to prevent malicious persons (!) from intercepting what you are asked to send while it passes over the Internet. This version was duly blocked by my ISP (usa.net) even before it reached me. I just received the message with the attachment removed.

73 Alberto I2PHD