I'd be careful even with that method to be honest, as some of these viruses do genuinely send emails from people you know / trust, having infected their email systems and fired off messages to all their contacts (i.e. the IP address can be genuine even if the message is not). The best indicator is really the content itself - most of these ones ask you to check an attachment, which installs the virus, and they usually just contain 3 or 4 words of text, and an obvious subject like 'read it immediately'.

> ----- Original Message -----
> From: "peter mueller" <[EMAIL PROTECTED]>
> To: "Dan Bean" <[EMAIL PROTECTED]>; <[email protected]>
> Sent: Friday, April 30, 2004 3:26 PM
> Subject: Re: (313) something weird/abe duque, the hand inside the glove
> puppet?
>
>
> > if you're not sure whether a mail really comes from 313 or not, you can
> > easily find out by checking the header of the mail. most part of headers
> > get faked as well, but in the "received" line there's always the ip from
> > the source of the mail. the ip of the hyperreal-server is 209.237.226.90.
> > if you don't find this ip in any of the "received" lines, you can be sure
> > that it's a virus or worm...
> >
> > bye,
> > peter
> >
> > On Fri, 30 Apr 2004 14:56:53 +0100, Dan Bean <[EMAIL PROTECTED]> wrote:
> >
> > > 1. Just got one of those spam emails that mimics a delivery failure
> > > notice and has an attachment that supposedly contains further info. I've
> > > never opened these in the past but have trashed them on the assumption
> > > that the attachment contains a virus or the like. Anyway, what you might
> > > all wish to know is that I just got one from the following address!
> > >
> > > [EMAIL PROTECTED]
> > >
> > > My initial reaction is obviously not to open it and to warn you all. Can
> > > anyone confirm whether this is the correct response or alternatively
> > > tell me if in fact it is a bona fide message - I've never received
> > > messages in this form from hyperreal before so I'm not 100% sure whether
> > > to dismiss it or not + it seems to be totally out of any context.
> > >
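
An added example, not part of the original messages: a Python sketch that combines the "Received"-line IP check from the quoted message with the content check from the reply (an attachment plus only a few words of text). The function names, the word threshold, and the sample message with its example.org/example.net hosts are constructed assumptions; only the IP 209.237.226.90 comes from the thread.

```python
import re
from email import message_from_string

LIST_SERVER_IP = "209.237.226.90"  # hyperreal server IP quoted in the thread
MAX_WORM_BODY_WORDS = 5            # assumption: "3 or 4 words" plus slack
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(msg):
    """IPv4 addresses in [brackets] across all Received headers."""
    return [ip for h in msg.get_all("Received", []) for ip in BRACKETED_IPV4.findall(h)]

def assess(raw):
    """Apply both checks from the thread to one raw message."""
    msg = message_from_string(raw)
    parts = list(msg.walk())
    has_attachment = any(p.get_filename() for p in parts)
    body_words = sum(
        len(p.get_payload().split())
        for p in parts
        if p.get_content_type() == "text/plain" and not p.get_filename()
    )
    via_list = LIST_SERVER_IP in received_ips(msg)
    terse = has_attachment and body_words <= MAX_WORM_BODY_WORDS
    # Passing the IP check alone is not enough: the genuine server also relays
    # mail from an infected sender, so the content check can still flag it.
    return {"via_list_server": via_list, "terse_with_attachment": terse,
            "suspicious": terse or not via_list}

# Constructed sample: relayed by the genuine list server, yet worm-shaped.
SAMPLE_RELAYED_WORM = """\
Received: from lists.example.org (lists.example.org [209.237.226.90])
\tby mx.example.net; Fri, 30 Apr 2004 15:00:00 +0100
From: friend@example.org
Subject: read it immediately
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see the attached file
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="details.zip"

(constructed placeholder, no payload)
--b1--
"""

if __name__ == "__main__":
    print(assess(SAMPLE_RELAYED_WORM))
```

Only the "Received" lines added by your own mail server are trustworthy; anything below them is supplied by the sender, so a match on the list server's IP further down the chain proves little.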
