Tyler Durden <camera_lumina@hotmail.com> wrote:

And then, is it possible to create some kind of filter that stops these replies?

If it's the type of virus that delivers its payload as soon as it's viewed (relying on bugs in MSOE or whatever), then it's possible that such a thing could go undetected, especially if AV signatures haven't been updated to stop it. Of course, you could also just put a web bug in an HTML email sent to the list and wait for people to view the message in the proper viewer (read: MSOE, &c). Other than relying on bugs (or "features") of the mail client, however, it seems that any such system relies on the user opening a malicious attachment. Any reasonably clueful person knows not to do this, so the answer to the filter question is yes; lack of stupidity is a filter that will stop this sort of attack. Of course, this assumes that the mail client doesn't automagically execute the payload; on the other hand, it could be argued that using such a client is itself an act of stupidity. There's another answer as well: subscribe to a moderated node that demimes messages before passing them on. Viruses won't get through at all, nor will HTML email. LNE used demime before its demise; pro-ns.net and al-qaeda.net do as well. -- Riad Wahby rsw@jfet.org MIT VI-2 M.Eng