[math-fun] Possible virus or Trojan horse.
I just received the following message, allegedly from Bill Gosper. I find it highly suspect, since 1) it's in HTML (and I can't imagine Bill sending mail in HTML), 2) the headers are all wrong, 3) it contains a one-word explanation (typical of trojan horses, atypical of Bill), 4) contains a .cpl attachment (Windows control panel applet, most of which are trojan horses instead).

What is curious, however, is that a fully up-to-date Norton Antivirus does not detect this as a known trojan horse or virus. Nevertheless, I suspect that someone on the list has got a bug, so I suggest that anyone running Windows do a scan.

The Received: header seems forged, since DNS resolution is inconsistent:

(HOBBITON.net -> unresolvable
80.55.203.130 -> e-wroc.net -> 198.65.102.86 -> unresolvable)

Whois reports that 80.55.203.130 belongs to RIPE in Amsterdam, while 198.65.102.86 belongs to Verio, in Englewood CO.

Here's the message:

Return-Path: <rwg@NEWTON.macsyma.com>
Received: from HOBBITON.net ([80.55.203.130])
        by montgomery.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP
        id 1bMBkK40p3Nl3qB0 for <mniemiec@interserv.com>;
        Mon, 19 Jul 2004 12:49:41 -0400 (EDT)
Date: Mon, 19 Jul 2004 18:57:44 +0100
To: "Mniemiec" <mniemiec@interserv.com>
From: "Rwg" <rwg@NEWTON.macsyma.com>
Subject: Re:
Message-ID: <khaigvpygaksxspcbjm@interserv.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--------mkdnyyiyrrpbudfadypg"
X-ELNK-AV: 0

----------mkdnyyiyrrpbudfadypg
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<html><body>
Animals<br>
<br>
</body></html>

----------mkdnyyiyrrpbudfadypg
Content-Type: application/octet-stream; name="Doll.cpl"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Doll.cpl"

<snip>

--
Mark D. Niemiec <mniemiec@interserv.com>
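The indicators listed in the post (HTML-only body, one-word text, a .cpl attachment) can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original post: the sample message is constructed from the quoted headers with a placeholder attachment body, and the extension list, the flag names and the Message-ID domain check are assumptions of this sketch.

```python
import email, re
from email import policy
from email.utils import parseaddr
# Assumed deny-list of Windows executable extensions; tune to local policy.
RISKY_EXT = (".cpl", ".scr", ".pif", ".exe", ".com", ".bat")
# Constructed sample modeled on the quoted message; attachment body is a placeholder.
SAMPLE = """\
To: "Mniemiec" <mniemiec@interserv.com>
From: "Rwg" <rwg@NEWTON.macsyma.com>
Subject: Re:
Message-ID: <khaigvpygaksxspcbjm@interserv.com>
Content-Type: multipart/mixed; boundary="--------mkdnyyiyrrpbudfadypg"

----------mkdnyyiyrrpbudfadypg
Content-Type: text/html; charset="us-ascii"

<html><body>Animals<br><br></body></html>
----------mkdnyyiyrrpbudfadypg
Content-Type: application/octet-stream; name="Doll.cpl"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Doll.cpl"

UExBQ0VIT0xERVI=
----------mkdnyyiyrrpbudfadypg--
"""

def domain(addr):
    return addr.strip("<> ").rpartition("@")[2].lower()

def triage(raw):
    """Return heuristic flags for a raw RFC 5322 message (no network lookups)."""
    msg = email.message_from_string(raw, policy=policy.default)
    parts = [p for p in msg.walk() if not p.is_multipart()]
    bodies = [p for p in parts
              if p.get_content_maintype() == "text" and not p.is_attachment()]
    flags = []
    mid = domain(str(msg["Message-ID"] or ""))
    sender = domain(parseaddr(msg["From"] or "")[1])
    rcpt = domain(parseaddr(msg["To"] or "")[1])
    if mid and mid != sender and mid == rcpt:   # added heuristic, not from the post
        flags.append("message-id-uses-recipient-domain")
    if bodies and all(p.get_content_type() == "text/html" for p in bodies):
        flags.append("html-only-body")
    words = " ".join(re.sub(r"<[^>]+>", " ", p.get_content()) for p in bodies).split()
    if len(words) <= 3:
        flags.append("near-empty-body")
    flags += ["executable-attachment:" + n for n in
              ((p.get_filename() or "").lower() for p in parts) if n.endswith(RISKY_EXT)]
    return flags
```

The DNS and whois comparison from the post is left out because it needs live lookups; these flags are triage hints for quarantine or review, not a verdict.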