Don't beat me, but i've noticed a huge influx of these .pif virii today.
Don't kill me for posting this, it may be slightly off topic but I have noticed a very odd spike in traffic with these virii that have .pifs attached to them. The subject is random. The body always says: "See attached file for details" and they're always a pif file. Anyone else notice this? -Drew
Drew, You're not seeing things. I would say you can thank "W32/Sobig.F-mm", referenced in http://news.com.com/2100-1002_3-5065494.html. Allow me to quote a bit from the story: [quote] The sender appears to be someone from a recognized domain name, such as ibm.com, zdnet.com or microsoft.com. The subject line typically says "Re: Details," "Resume" or "Thank you." Attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif, application.pif, and document_9446.pif. [/quote] Regards, Jade On Tue, 2003-08-19 at 15:33, Drew Weaver wrote:
Don't kill me for posting this, it may be slightly off topic but I have noticed a very odd spike in traffic with these virii that have .pifs attached to them.
The subject is random.
The body always says:
"See attached file for details" and they're always a pif file.
Anyone else notice this?
-Drew
Now having personally experienced the worm myself..... This is how it went, there was no known way to remove the worm with any current software for the variety that I had, it was mutagenic, recognized AVP, and other forms of disinfectors and went nuts propagating itself to the point the only solution left was Low level format...format and reinstall At that point we were not sure if the media itself was not damaged and held our breath for a while, thankfully it was not and now my box is back up and running -minus the data that was not recoverable. If anyone is having their techs do this, be nice to them and be kind because it takes about 6 hours plus to do each box completely -Henry "Jade E. Deane" <jade.deane@riven.net> wrote: Drew, You're not seeing things. I would say you can thank "W32/Sobig.F-mm", referenced in http://news.com.com/2100-1002_3-5065494.html. Allow me to quote a bit from the story: [quote] The sender appears to be someone from a recognized domain name, such as ibm.com, zdnet.com or microsoft.com. The subject line typically says "Re: Details," "Resume" or "Thank you." Attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif, application.pif, and document_9446.pif. [/quote] Regards, Jade On Tue, 2003-08-19 at 15:33, Drew Weaver wrote:
Don't kill me for posting this, it may be slightly off topic but I have noticed a very odd spike in traffic with these virii that have .pifs attached to them.
The subject is random.
The body always says:
"See attached file for details" and they're always a pif file.
Anyone else notice this?
-Drew
ATTACHMENT part 2 application/pgp-signature name=signature.asc
Jade E. Deane wrote:
Drew, You're not seeing things. I would say you can thank "W32/Sobig.F-mm", referenced in http://news.com.com/2100-1002_3-5065494.html.
I'd like to point out that this variant is the most aggressive yet of the Sobig family. However, I think this aggressiveness is possibly a bug in the code as the delivery attempts to a single user from a single user are extremely high. This is, of course, not desired when propogating. -Jack
participants (4)
-
Drew Weaver
-
Henry Linneweh
-
Jack Bates
-
Jade E. Deane