Hal
May 12, 2002, 10:27 AM
From :
webmaster <[email protected]>
To :
[email protected]
Date :
Fri, 10 May 2002 03:58:15 -0700
MIME-Version: 1.0
Received: from [] by hotmail.com (3.2) with ESMTP id MHotMailBEA4F2CC007340043762CFD9787BCF340; Fri, 10 May 2002 03:58:21 -0700
Received: from user-2ivf486.dsl.mindspring.com ([165.247.145.6] helo=Ozwi)by swan.prod.itd.earthlink.net with smtp (Exim 3.33 #2)id 17686I-0006U3-00for [email protected]; Fri, 10 May 2002 03:58:15 -0700
From [email protected] Fri, 10 May 2002 03:58:36 -0700
Message-Id: <[email protected]>
The size of the mail was 149KB and it contains a destructive .pif.
This seems to be the new one going around. From the return address it appears to be from TFL. It isn't. I repeat, it isn't coming from TFL What this one seems to do is search the address book of the infected user and use random legitimate email addresses as the return address so that it apperas the mail was sent from that person.
webmaster <[email protected]>
To :
[email protected]
Date :
Fri, 10 May 2002 03:58:15 -0700
MIME-Version: 1.0
Received: from [] by hotmail.com (3.2) with ESMTP id MHotMailBEA4F2CC007340043762CFD9787BCF340; Fri, 10 May 2002 03:58:21 -0700
Received: from user-2ivf486.dsl.mindspring.com ([165.247.145.6] helo=Ozwi)by swan.prod.itd.earthlink.net with smtp (Exim 3.33 #2)id 17686I-0006U3-00for [email protected]; Fri, 10 May 2002 03:58:15 -0700
From [email protected] Fri, 10 May 2002 03:58:36 -0700
Message-Id: <[email protected]>
The size of the mail was 149KB and it contains a destructive .pif.
This seems to be the new one going around. From the return address it appears to be from TFL. It isn't. I repeat, it isn't coming from TFL What this one seems to do is search the address book of the infected user and use random legitimate email addresses as the return address so that it apperas the mail was sent from that person.