Flash Posted July 2, 2003
Right, I opened up an e-mail from my mum's work colleague, it was a win zip file with a file format .pif inside it. I was asked to try and open it, at first I thought it was a Windows 3.1 format .pif so tried opening it. I opened it, nothing happened. Me drive spun, as per but nothing happened. Btw, I had my Outlook open at the time. Now, I open Outlook to check my e-mails... I send/receive and get an e-mail from my friend named 'application' same as the one I got from my mum's work colleague. With the same file attached 'your_details.zip'. I scanned with Norton and it picked up nothing (I have 2002 but not with updated definitions as I haven't renewed my subscription). Any ideas what this thing is?! That actual filename in the .zip file is 'details.pif'. Cheers, Flash.
Flash Posted July 2, 2003
I just searched my Hard Drive for any files named 'detail.pif'. I found one:
DETAILS.PIF-1AA87EDF.pf
Location: C:\WINDOWS\Prefetch
Size: 12KB
Type: PF File
Date Modified: 02/07/2003 15:32 (Today).
Hellllllllllp me
AlmondScar Posted July 2, 2003
.pif? You utter dumbass! Anyone who had a brain doesn't open .pif attachments! You've landed yerself a virus, lemme see if I can look it up.
zivan56 Posted July 2, 2003
http://www.symantec.com/avcenter/venc/data...son.c.worm.html might be the one...
AlmondScar Posted July 2, 2003
You have sobig.e
http://www.europe.f-secure.com/v-descs/sobig_e.shtml
AlmondScar Posted July 2, 2003
Delete your address book, quick! I've just read it forwards itself on!
AlmondScar Posted July 2, 2003
You have sobig.e
http://www.europe.f-secure.com/v-descs/sobig_e.shtml

Spreading in e-mails

The worm spreads itself in e-mails. The infected message is composed by the worm from different, randomly selected subjects, a fixed message body and different, randomly selected attachment names. The worm's file is sent inside a ZIP archive attached to an infected message.

The worm has the following subjects hardcoded in its body:

  referer.pif
  004448554.pif
  re.document.pif
  new_document.pif
  submited.pif
  Screensaver.scr
  movie.pif
  Applications.pif
  Application.pif
  Your application
  Re: Re: Document
  Re: Re: Application ref. 003644
  Re: Documents
  Re: Screensaver
  Re: Submited (Ref: 003746)
  Re: Movies
  Re: Movie
  Re: Application

The worm has the following attachment names hardcoded in its body. The worm's executable file name that is sent in an archive is given in brackets:

  Movie.zip (Movie.pif)
  screensaver.zip (sky_world.scr)
  document.zip (document.pif)
  application.zip (application.pif)
  your_details.zip (details.pif)

However, so far we only saw messages with the following characteristics:

  Subject: Re: Application or Re: Movie
  Body: Please see the attached zip file for details.
  Attachment: your_details.zip

The attachment contains the worm's file with DETAILS.PIF name. The fact that the worm uses only 2 subjects and 1 attachment name indicates that the randomizing routine of the worm has a bug.

Here's a screenshot of an infected message sent by the worm:
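The attachment layout described in the post above (a ZIP whose member is a .pif or .scr executable) can be flagged from the archive's member names alone, without virus definitions. This is an added example, not part of the thread or of the F-Secure description; the extensions beyond .pif and .scr, the nesting depth and the size limit are assumptions.

```python
import io
import zipfile

# .pif and .scr are the extensions named in the thread; the rest are assumed additions.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}
MAX_DEPTH = 2                    # assumption: nested-ZIP levels to open
MAX_NESTED_BYTES = 5 * 1024**2   # assumption: skip larger nested archives


def risky_members(zip_bytes, depth=0):
    """Return member names in a ZIP whose final extension is directly executable."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits  # not a readable ZIP; other checks must handle it
    with archive:
        for info in archive.infolist():
            # Windows ignores trailing dots and spaces, so strip them first.
            cleaned = info.filename.rstrip(". ").lower()
            ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
            if ext in RISKY_EXTENSIONS:
                hits.append(info.filename)
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and not info.flag_bits & 0x1          # encrypted: cannot inspect
                  and info.file_size <= MAX_NESTED_BYTES):
                inner = risky_members(archive.read(info), depth + 1)
                hits += [info.filename + "/" + name for name in inner]
    return hits


def build_zip(members):
    """Build a constructed in-memory ZIP from {name: bytes} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed stand-in for your_details.zip; the payload is placeholder text.
    sample = build_zip({"details.pif": b"placeholder, not a real sample"})
    print(risky_members(sample))
```

The check takes the last extension only, so a name such as document.txt.pif is still reported.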
rik Posted July 2, 2003
It's a W32.SOBIG variant...probably W32.SOBIG.E@mm
http://securityresponse.symantec.com/avcen...sobig.e@mm.html
Symantec does have a removal tool you can download...
amdphr3@kXP Posted July 2, 2003
yup, I got the same thing from an address that was supposed to be from microsoft. Luckily I read an article on neworder.box.sk on it the day before so I knew what it was. I got AVG atm and it lets worms thru, it sux
XPerties Posted July 2, 2003
On emax hosting mail I get about 4-5 of these a day. I am not infected but I still get the zip files. Delete Delete, all day long.
Flash Posted July 2, 2003
w00t, thanks guys and gals. The virus is gone. Used that removal tool... The worm actually expires soon I think anyway, so I heard, lol... Thanks anyways.
AlmondScar Posted July 2, 2003
yeah, it doesn't expire, but it stops multiplying itself on the 15th of July
gamehead200 Posted July 2, 2003
I get viruses in my e-mail every day, but my virus scanner picks them up and deletes them... I've gotten the SOBIG, the YAHA, the KLEZ, and the LOVELETTER viruses! All deleted!
AlmondScar Posted July 2, 2003
I've got klez, yaha, bug bear, and palyh, the microsoft fake one. one was in a loveletter 'dear mary' it's john here, hope you had great fun the other night on the beach stroll...eh? lol