Dear Norm: While the attachment was technically not a virus (which can damage or destroy files/drives/whatnots), but rather a trojan horse (which simply spreads through auto-posting from a mail list on your computer and then does the same thing ad infinitum/nauseum on other people's), the pernicious effects are nigh on to the same in terms of clogging up everyone's machines with garbage. ....but....it works only if a recipient opens the attachment. It is not spread through receipt of the message itself. ....and the .exe on the attachment was a dead giveaway that it was a self-executing file. Remember, safe computing is like safe sex: if you don't know your partner, don't open the attachment. Anyhow, by using the "show all headers" function on your mail client we discover the following: X-Authentication-Warning: ari.ari.net: majordom set sender to owner-mdosprey@ARI.Net using -f Date: Thu, 13 May 1999 20:37:59 -0400 (EDT) This suggests that the perpetrator forged the Bellatlantic address to cover his tracks. None the less, your advice is good: If each of us expands the headers and then forwards the whole schmear to abuse@bellatlantic.com they'll be more likely to take some action, if indeed there is an action to be taken. So thanks for the necessary but unhappy task of tightening up the controls on access and use of the MDOsprey ML ...... and don't feel bad about having been trusting, as this has happened in the last six months to two other MLs to which I subscribe, one of which was spammed by the "happy.exe" that was used in this case. Regards, and good birding David Strother Bethesda, Maryland