from Helmut Usbeck:
This is a multi-part message in MIME format.
------=_NextPart_000_0056_01C13415.74B4D450
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0057_01C13415.74B4D450"
------=_NextPart_001_0057_01C13415.74B4D450
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
try to figure out what this one is.
------=_NextPart_001_0057_01C13415.74B4D450
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2505.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>try to figure out what this one=20
is.</FONT></DIV></BODY></HTML>
------=_NextPart_001_0057_01C13415.74B4D450--
------=_NextPart_000_0056_01C13415.74B4D450
Content-Type: application/octet-stream;
name="Humor.TXT~pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Humor.TXT~pif"
TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(snip)
My ISP changes . to ~ in certain executable attachments based on file name
extension, here .pif, so the careless user won't run the attachment and become
infected by the virus. So the name was really Humor.TXT.pif, presumably. This
type of name takes advantage of a flaw in MS-Windows, showing file names without
the final extension, thus this file will appear as Humor.TXT, which looks safe
to open. But a .pif file contains executable code and can be programmed to
carry a virus. Name like Humor.TXT.pif looks like an attempt to hide something
nefarious, so I wouldn't attempt to run such a file. If you see a sender in the
headers, you could query the sender and ask what the attached file is for, and
if he or she meant to send it.
