I think I have a Virus :)



Right, I opened up an e-mail from my mum's work colleague, it was a WinZip file with a file format .pif inside it. I was asked to try and open it, at first I thought it was a Windows 3.1 format .pif so tried opening it.

I opened it, nothing happened. My drive spun, as per, but nothing happened. Btw, I had my Outlook open at the time.

Now, I open Outlook to check my e-mails... I send/receive and get an e-mail from my friend named 'application', same as the one I got from my mum's work colleague. With the same file attached, 'your_details.zip'.

I scanned with Norton and it picked up nothing (I have 2002 but not with updated definitions as I haven't renewed my subscription). Any ideas what this thing is?!

The actual filename in the .zip file is 'details.pif'.

Cheers, Flash.



I just searched my Hard Drive for any files named 'detail.pif'. I found one:

DETAILS.PIF-1AA87EDF.pf

Location: C:\WINDOWS\Prefetch

Size: 12KB

Type: PF File

Date Modified: 02/07/2003 15:32 (Today).

Hellllllllllp me :)


Spreading in e-mails

The worm spreads itself in e-mails. The infected message is composed by the worm from different, randomly selected subjects, a fixed message body and different, randomly selected attachment names. The worm's file is sent inside a ZIP archive attached to an infected message.

The worm has the following subjects hardcoded in its body:

referer.pif

004448554.pif

re.document.pif

new_document.pif

submited.pif

Screensaver.scr

movie.pif

Applications.pif

Application.pif

Your application

Re: Re: Document

Re: Re: Application ref. 003644

Re: Documents

Re: Screensaver

Re: Submited (Ref: 003746)

Re: Movies

Re: Movie

Re: Application

The worm has the following attachment names hardcoded in its body. The worm's executable file name that is sent in an archive is given in brackets:

Movie.zip (Movie.pif)

screensaver.zip (sky_world.scr)

document.zip (document.pif)

application.zip (application.pif)

your_details.zip (details.pif)

However, so far we only saw messages with the following characteristics:

Subject:

Re: Application

or

Re: Movie

Body:

Please see the attached zip file for details.

Attachment:

your_details.zip

The attachment contains the worm's file with the name DETAILS.PIF. The fact that the worm uses only 2 subjects and 1 attachment name indicates that the randomizing routine of the worm has a bug.

Here's a screenshot of an infected message sent by the worm:

sobig_e.gif

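A mail-gateway style check for the message pattern the advisory above describes (a ZIP attachment whose member is a .pif or .scr program), as an added example that is not part of the original thread or the quoted advisory. `scan_message`, `build_sample` and the sample message are constructed for illustration; the archive/member name pairs are the ones in the advisory's list.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment-to-payload name pairs listed in the advisory quoted above.
KNOWN_PAIRS = {
    "movie.zip": "movie.pif",
    "screensaver.zip": "sky_world.scr",
    "document.zip": "document.pif",
    "application.zip": "application.pif",
    "your_details.zip": "details.pif",
}
# Extensions Windows runs as programs; the advisory names .pif and .scr.
EXECUTABLE_EXTS = (".pif", ".scr")


def scan_message(raw: bytes) -> list[str]:
    """Return findings for ZIP attachments that carry executable members."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        try:
            # Member names are readable even when the archive is encrypted.
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            continue  # not a ZIP (or corrupt): nothing to inspect here
        for member in members:
            low = member.lower()
            if KNOWN_PAIRS.get(name) == low:
                findings.append(f"{name}: known pair {member}")
            elif low.endswith(EXECUTABLE_EXTS):
                findings.append(f"{name}: executable member {member}")
    return findings


def build_sample(zip_name: str, member: str) -> bytes:
    """Constructed test message: harmless bytes in a zip, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "Re: Application"
    msg.set_content("Please see the attached zip file for details.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Matching is done on the member names inside the archive, case-insensitively, so it does not depend on antivirus definitions being current.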

Yup, I got the same thing from an address that was supposed to be from Microsoft. Luckily I read an article on neworder.box.sk on it the day before so I knew what it was :). I got AVG atm and it lets worms thru, it sux
