I just looked back at the one I got back in June. I noticed something interesting but being that I am not that familiar with the footers on emails and it has been so long I won't post exactly what it said. It could be out of date and the person may already have checked and cleaned his system. It would be more valuable to know, who is on the most recent mails? What I found is that there is a line, first one on the footer, that said "Return-Path: ". There was a recognizable email address from a 3rd chipper. That makes 3 different addresses on the mail (To(1) From(2) and Return-Path(3)). If I understand it, that may be the actual sender of the email and possibly the person that was infected. Could I be right? The person that I got the email from, when I notified him, explained that he was nowhere near his computer that weekend and had fully checked his system since then. I, coincidentally, was in Vegas when the mail arrived and hadn't actually opened it for several days from when it was sent. The 11th, I think. Anyways, He was clean. I think he mentioned the Return Path but it didn't register to me at the time.

Therefore, everyone who is getting these mails right now, Check your Return Paths and see if they match the Sender address. Also, you might compare to see if they are the same as the return paths on other infected mail. It would then be interesting to compare the mail from different senders and see if they all have the same return paths. I have seen several posts about this in the last week or two and going back to the middle of June. There have been several different senders listed on these mails. One I recall used Jill's email.

If the mail in question, even when having different senders, all have the same "Return-Path: " than that might point at who needs to check their system.