Quoting Peter Bex (Peter.Bex@student.kun.nl):
> On Tue, Sep 23, 2003 at 01:17:42AM +0000, MLH wrote:
> > What I think is interesting is that while my mailer is getting hit
> > every 30 seconds at least by this beast, they are *all* directed
> > at this one email address, which is *only* used for posting to the
> > NetBSD maillists. Apparently this virus is scamming mail addresses
> > off of some NetBSD mail archive(s).
> 
> Either that or the virus simply scans all emails on the infected system and
> sends itself on to the addresses contained in those messages.
> (Assuming at least one subscriber of the list is using Windows, Outlook etc)
> 
> It's ironic that a virus which is targeted at a specific system causes most
> annoyances with people who don't even use that system.
> (Most people who I know who use Windows don't get any of these messages at all)

Or don't have their names in archives.  The account I post to netnews
from is getting HAMMERED (well, was until I removed the part that I
can expire it with).


A finger print (late here) is that SUBJECT is in all caps.
Also looking in the body for 
  Content-Type:.(application/ms-download|\.(scr|exe|bat|com)")

Catches most bad stuff.

Of course every machine you remove windows from and replace with a
real operating system is a step in the right direction.

(suddenly /me ponders using a CD to auto-configure and install
on stores' computers with a pretty GUI, tools and no windows...)