Greg Mayman (3:800/449) wrote to Steven Horn at 08:06 on 19 Apr 2003:

 GM> Most times the infected message has the From: field as the last
 GM> sucker who received it. Or from someone in his address book. So the
 GM> recipient thinks it is a legitimate message.

To a point.  But would you open a message from "Bob Smth" saying
"I love you?"

 GM> I'm surprised they didn't vary the Subj: from one message to the
 GM> next. One sneaky trick would be to copy messages from the Sent
 GM> Messages folder and resend them in infected form.

Someone will come up with that.

 GM> The definition files can only define those viruses that have
 GM> already been found in circulation, so they are always at least one
 GM> step behind.

 GM> I doubt that many virus writers notify Norton or McAfee _before_
 GM> they release the virus.

Agreed but on this occasion, McAfee was not far behind.

 GM> OTOH it is claimed that F-PROT uses a "heuristic" approach,
 GM> whatever that is, and it will be able to detect many viruses that
 GM> are presently unwritten.

My recollection is that what F-PROT claims to do is to be able to identify
virus types or structures in previously unknown programs.  Does it work? 
Who knows but I don't recall it identifying the Love Bug virus.
 
Take care,

Steven Horn (steven_a_horn{at}yahoo.ca)
Moderator, ALASKA_CHAT 
--- timEd/386 1.10.y2k+