LE>> for documents created by "MSWD" Provided this new file 
LE>> contains the correct icon resources to display realistic 
LE>> icons for Word documents, the user will not notice anything 
LE>> wrong. When s/he double-clicks a Word document to start 
LE>> working on it, the trojan will be executed, and one thing 
LE>> So simply the act of decoding a MIME attachment, not 
LE>> /directly/ executing it nor /directly/ loading it into any 
LE>> other program, can be directly hazardous.
KW> certainly it is... if you're already infected with the type of companion
KW> infector you describe above... if some kind of program is spoofing
NO, no!! You didn't understand the process fully. The downloaded attachment 
IS the infector! That's the point! Some humorous asshole emails you this 
file, it gets automatically un-Macbinaried by the email client package, and 
this process reconstructs the type and creator information of the file as it 
was sent, which information then finds its way into the desktop file. So the 
downloaded (Trojan) application can AUTOMATICALLY assume ownership of data 
files belonging to some particular application, just by being in existence on 
the hard disk. The user is at risk /just/ by downloading it, not even opening 
the message.
KW> ergo you still cannot become infected by reading something... you can
KW> spread an infection if your reader is already infected however... and
I wasn't talking about an infected reader. Standard behavior of Eudora for 
the Macintosh (and Netscape for MacOS w/Stuffit Expander) is to de-binhex and 
(in the case of Netscape) unarchive downloaded files, NO user intervention 
required.
-- Lewin A.R.W. Edwards [Team OS/2]  Tel 0412809805 * http://www.zws.com/
--- MsgedSQ/2 3.35
---------------