Re: Virus message info

David (dstrother@pop.dn.net)
Fri, 14 May 1999 07:09:11 -0400


Dear Norm:   While the attachment was technically not a virus (which can
damage or destroy files/drives/whatnots), but rather a trojan horse
(which simply spreads through auto-posting from a mail list on your
computer and then does the same thing ad infinitum/nauseum on other
people's), the pernicious effects are nigh on to the same in terms of
clogging up everyone's machines with garbage.

....but....it works only if a recipient opens the attachment.  It is not
spread through receipt of the message itself.  ....and the .exe on the
attachment was a dead giveaway that it was a self-executing file.

Remember, safe computing is like safe sex:  if you don't know your
partner, don't open the attachment.

Anyhow, by using the "show all headers" function on your mail client we
discover the following:

X-Authentication-Warning: ari.ari.net: majordom set sender to 
owner-mdosprey@ARI.Net using  -f
Date: Thu, 13 May 1999 20:37:59 -0400 (EDT)

This suggests that the perpetrator forged the Bellatlantic address to
cover his tracks. None the less, your advice is good: If each of us
expands the headers and then forwards the whole schmear to
abuse@bellatlantic.com they'll be more likely to take some action, if
indeed there is an action to be taken.

So thanks for the necessary but unhappy task of tightening up the
controls on access and use of the MDOsprey ML  ......   and don't feel
bad about having been trusting, as this has happened in the last six
months to two other MLs to which I subscribe, one of which was spammed
by the "happy.exe" that was used in this case.

Regards, and good birding
David Strother
Bethesda, Maryland