Fri Mar 5 17:49:59 GMT 2004
> ...and just to prove the point that even good guys can run
> into problems, I
> have just been notified by my ISP that an email from a regular TIG
> contributor has been quarantined, with all the indications of
> one of the
> current batch of viruses.
You can be 99.9% sure with the current viruses that the 'from' email address is not actually
the person with the infected machine, but merely another email addressee on it.
It works like this:
A opens "imanidiot.exe", and his machine is infected. B and C are both in A's address book, so B gets an email purporting to be from
C with a copy of the virus. Examination of email headers will show a different IP address, but that's guru-level stuff...
The best bit is when B's dumb anti-virus software bounces the virus back to C, saying "email refused to to enclosed virus". thus
giving C another chance to get infected... And, of course, B could be using a Mac, so is still helping spread the virus, even while
More information about the Tig