Flash Posted July 2, 2003
Right, I opened up an e-mail from my mum's work colleague, it was a WinZip file with a file format .pif inside it. I was asked to try and open it, at first I thought it was a Windows 3.1 format .pif so tried opening it. I opened it, nothing happened. Me drive spun, as per but nothing happened. Btw, I had my Outlook open at the time. Now, I open Outlook to check my e-mails... I send/receive and get an e-mail from my friend named 'application' same as the one I got from my mum's work colleague. With the same file attached 'your_details.zip'. I scanned with Norton and it picked up nothing (I have 2002 but not with updated definitions as I haven't renewed my subscription). Any ideas what this thing is?! That actual filename in the .zip file is 'details.pif'.
Cheers, Flash.

Flash Posted July 2, 2003
I just searched my hard drive for any files named 'detail.pif'. I found one:
DETAILS.PIF-1AA87EDF.pf
Location: C:\WINDOWS\Prefetch
Size: 12KB
Type: PF File
Date Modified: 02/07/2003 15:32 (Today).
Hellllllllllp me

AlmondScar Posted July 2, 2003
.pif? You utter dumbass! Anyone who had a brain doesn't open .pif attachments! You've landed yerself a virus, lemme see if I can look it up.

zivan56 Posted July 2, 2003
http://www.symantec.com/avcenter/venc/data...son.c.worm.html might be the one...

AlmondScar Posted July 2, 2003
You have sobig.e
http://www.europe.f-secure.com/v-descs/sobig_e.shtml

AlmondScar Posted July 2, 2003
Delete your address book, quick! I've just read it forwards itself on!

AlmondScar Posted July 2, 2003
You have sobig.e
http://www.europe.f-secure.com/v-descs/sobig_e.shtml

Spreading in e-mails

The worm spreads itself in e-mails. The infected message is composed by the worm from different, randomly selected subjects, a fixed message body and different, randomly selected attachment names. The worm's file is sent inside a ZIP archive attached to an infected message.

The worm has the following subjects hardcoded in its body:

referer.pif
004448554.pif
re.document.pif
new_document.pif
submited.pif
Screensaver.scr
movie.pif
Applications.pif
Application.pif
Your application
Re: Re: Document
Re: Re: Application ref. 003644
Re: Documents
Re: Screensaver
Re: Submited (Ref: 003746)
Re: Movies
Re: Movie
Re: Application

The worm has the following attachment names hardcoded in its body. The worm's executable file name that is sent in an archive is given in brackets:

Movie.zip (Movie.pif)
screensaver.zip (sky_world.scr)
document.zip (document.pif)
application.zip (application.pif)
your_details.zip (details.pif)

However, so far we only saw messages with the following characteristics:

Subject: Re: Application or Re: Movie
Body: Please see the attached zip file for details.
Attachment: your_details.zip

The attachment contains the worm's file with DETAILS.PIF name. The fact that the worm uses only 2 subjects and 1 attachment name indicates that the randomizing routine of the worm has a bug.

rik Posted July 2, 2003
It's a W32.SOBIG variant...probably W32.SOBIG.E@mm
http://securityresponse.symantec.com/avcen...sobig.e@mm.html
Symantec does have a removal tool you can download...

amdphr3@kXP Posted July 2, 2003
Yup, I got the same thing from an address that was supposed to be from Microsoft. Luckily I read an article on neworder.box.sk on it the day before so I knew what it was. I got AVG atm and it lets worms thru, it sux

AlmondScar Posted July 2, 2003
Palyh or something, right?

XPerties Posted July 2, 2003
On emax hosting mail I get about 4-5 of these a day. I am not infected but I still get the zip files. Delete Delete, all day long.

Flash Posted July 2, 2003
w00t, thanks guys and gals. The virus gone. Used that removal tool... The worm actually expires soon I think anyway, so I heard, lol... Thanks anyways.

AlmondScar Posted July 2, 2003
Yeah, it doesn't expire, but it stops multiplying itself on the 15th of July

gamehead200 Posted July 2, 2003
I get viruses in my e-mail every day, but my virus scanner picks them up and deletes them... I've gotten the SOBIG, the YAHA, the KLEZ, and the LOVELETTER viruses! All deleted!

AlmondScar Posted July 2, 2003
I've got klez, yaha, bug bear, and palyh, the Microsoft fake one. One was in a loveletter:
'dear mary'
its john hre, hope you had great fun the other night on the beach strole...
eh? lol
