Yup - I've been around online since 19xx (YERY early contributor to Usenet) and I realise fully that reponding to a mailing list about a virus is of itself contrbuting to the problem. But this one's nasty.
The only place the source of this address COULD have been is the Linux mailing list - so it's possibly pervasive here. It's well constructed, too: Headers first: Return-path: <[EMAIL PROTECTED]> Envelope-to: [EMAIL PROTECTED] Delivery-date: Mon, 09 Feb 2004 03:32:28 +0100 Received: from [211.230.41.194] (helo=localhost) by mxng08.kundenserver.de with smtp (Exim 3.35 #1) id 1Aq1Ci-0000r7-00 for [EMAIL PROTECTED]; Mon, 09 Feb 2004 03:31:35 +0100 From: "PayPal.com" <[EMAIL PROTECTED]> To: Linux <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] X-Priority: 1 (High) Subject: IMPORTANT fvohykwe MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------3016BE7E000547C" X-RBL-Warning: (dialup.bl.kundenserver.de) This mail has been received from a dialup host. Message-Id: <[EMAIL PROTECTED]> Date: Mon, 09 Feb 2004 03:31:35 +0100 A quite well forged envelope. with only my German ISP warning me that it's from a dial-up host. Body next: Dear PayPal member, We regret to inform you that your account is about to be expired in next five business days. To avoid suspension of your account you have to reactivate it by providing us with your personal information. To update your personal profile and continue using PayPal services you have to run the attached application to this email. Just run it and follow the instructions. IMPORTANT! If you ignore this alert, your account will be suspended in next five business days and you will not be able to use PayPal anymore. Thank you for using PayPal. fvofykwy Fails at the first hurdle for me - I'm not and never have been a PayPal member. The "attached application" (obviously deleted) is a 13KB .PIF file which neither Norton nor AVG picked up on its way through. -- Phil Payne http://www.isham-research.com +44 7785 302 803