VIRUS/TROJHAN Alert 4 MSN Messenger!

[MalkoKR]

Morning,

Head-bang in the morning,

as there was - beside some nice morning-greets from a girl-friend - some unsuccessfull tries of transfering files ending with .pif from her account.

As she answered not to know about these transfer-attempts the way of thinking about a virus/trojan is near...

This is hardened by the filename ending with .pif (which is not being seen while transfer-attempt), the unique size of 185KB and the kind of filenames.

the names files were:

ROFL.PIF,

new_webcam.pif

LMAO.PIF

naked_drunk.ipif

underware.pif

be aware to keep your virus-scanner updated and request information from sender if messenger attemps to deliver an unwanted file you do not got information about before.

kind regards

Malko

[prathapml]

What you mean to say is unclear....

But if this post is a public warning, thanks for the post Malko!

Also, I'd like to add that lot of worms are now infecting people using .PIF extension.

The main problem is .PIF is an executable format - but its not actually a file, its only DOS properties of an EXE. A normal .pif should never be more than 2 KB (max.) in size.

Many worms are making use of the .EML file extension to spread too.

The solution is to de-activate both these hostile formats, as it is unlikely that those 2 extensions would ever be used in a normal environment. Here's the commands you need to run in a CMD window to de-activate this vulnerability:

assoc .pif=txtfile
assoc .eml=txtfile

That's all, you are safe now.