On Sun, 31 Aug 2003, Tim Chown wrote: > On Sat, Aug 30, 2003 at 05:25:19PM -0400, Dean Anderson wrote: > > > > The Virus writer obviously went to some trouble to pick valid addresses. > > It stands to reason that they expect that someone is getting mail to these > > addresses. It also stands to reason that the abuser expects those persons > > to get Virus notifications. > > I don't think so; isn't it more likely the writer wants the infection to > spread, and the best chance for that is that the recipient sees a From: > address that they recognise and "trust", rather than kerjregj@jsfjkh.com, > so they look at the content where they otherwise would be wary? Your comments are true in general, but I don't think they take into consideration the differences between this virus and the ones that go through the address book. One can (more) easily get such valid, trusted, familiar addresses from the address book. Many virues do just that, probably with just the purpose you mentioned. However, this virus is different. It is using 'valid' addresses that aren't found in address books--addresses that wouldn't be familiar to anyone, but are still valid. There must be a reason why they would go to such trouble... --Dean