Front Office Football Central  

Old 08-20-2003, 11:27 AM   #1
Ben E Lou
Morgado's Favorite Forum Fascist
 
Join Date: Oct 2000
Location: Greensboro, NC
Question PIF Files Out The Wazoo

I've gotten about 15 e-mails already today that look like virus-type e-mails with PIF files attached to them. I've opened none of them of course. Is this that big windows virus? The latest one has the attachment: thank_you.pif attached. What gives?
__________________
The media don't understand the kinds of problems and pressures 54 million come wit'!

Ben E Lou is offline   Reply With Quote
Old 08-20-2003, 11:29 AM   #2
Alan T
Hall Of Famer
 
Join Date: Dec 2002
Location: Mass.
Do NOT open!!
__________________
Couch to ??k - From the couch to a Marathon in roughly 18 months.


Alan T is offline   Reply With Quote
Old 08-20-2003, 11:30 AM   #3
Alan T
Hall Of Famer
 
Join Date: Dec 2002
Location: Mass.
Dola.. Just wanted to get that out quickly instead of wasting time on an explanation..

That is the Sobig virus going around. If you double click or open one of those .pif attachments, it will infect your system as well and start spreading... You probably should let those who sent it to you know that their machines may be infected, and it wouldn't hurt for you to run a quick virus scan on your own system just to be sure. (You should be safe if you did not open it)
__________________
Couch to ??k - From the couch to a Marathon in roughly 18 months.


Alan T is offline   Reply With Quote
Old 08-20-2003, 11:30 AM   #4
dacman
College Benchwarmer
 
Join Date: Oct 2000
Location: speak to the trout
It's the latest mass emailing worm (not the recent blaster virus).
__________________
No signatures allowed.
dacman is offline   Reply With Quote
Old 08-20-2003, 11:37 AM   #5
JonInMiddleGA
Hall Of Famer
 
Join Date: Nov 2000
Location: Behind Enemy Lines in Athens, GA
I've already posted about this elsewhere, so I'll chime in here too I guess.

This is easily the most prolific virus I have ever seen. I've deleted some three dozen of these already & they're still arriving at a rate of about 2 an hour. Looks like Sobig.f may join its cousins .a & .b on the top ten virii of all-time.
__________________
"I lit another cigarette. Unless I specifically inform you to the contrary, I am always lighting another cigarette." - from a novel by Martin Amis
JonInMiddleGA is offline   Reply With Quote
Old 08-20-2003, 11:38 AM   #6
Ksyrup
This guy has posted so much, his fingers are about to fall off.
 
Join Date: Nov 2000
Location: In Absentia
I left to grab lunch at 11:45 and came back around 12:20, and had 15 messages to delete. Our office is getting hit big time.
__________________
M's pitcher Miguel Batista: "Now, I feel like I've had everything. I've talked pitching with Sandy Koufax, had Kenny G play for me. Maybe if I could have an interview with God, then I'd be served. I'd be complete."
Ksyrup is offline   Reply With Quote
Old 08-20-2003, 11:39 AM   #7
Alan T
Hall Of Famer
 
Join Date: Dec 2002
Location: Mass.
Prolific...that is an understatement.

So far in 2 days, the Sobig worm has accounted for a little over 45,000 emails that I have caught in my virus filters. That's good for about 72% of all virus activity this entire week (and the bulk of that was just in 2 days time)
__________________
Couch to ??k - From the couch to a Marathon in roughly 18 months.


Alan T is offline   Reply With Quote
Old 08-20-2003, 11:43 AM   #8
Fritz
Lethargic Hooligan
 
Join Date: Oct 2000
Location: hello kitty found my wallet at a big tent revival and returned it with all the cash missing
I lost my wazoo in a freak batting machine accident back in 1979.
__________________
donkey, donkey, walk a little faster
Fritz is offline   Reply With Quote
Old 08-20-2003, 11:46 AM   #9
SplitPersonality1
College Benchwarmer
 
Join Date: Jun 2001
Location: Grafton, WI
Quote:
PIF Files Out The Wazoo

Ouch. That can't be healthy.
SplitPersonality1 is offline   Reply With Quote
Old 08-20-2003, 11:58 AM   #10
FrogMan
Hattrick Moderator
 
Join Date: Jan 2003
Location: Pintendre, Qc, Canada
Quote:
Originally posted by Alan T
You probably should let those who sent it to you know that their machines may be infected, and it wouldn't hurt for you to run a quick virus scan on your own system just to be sure. (You should be safe if you did not open it)


Alan, correct me if I'm wrong, but is it possible that a virus like that can kind of fake the sender's email address? I mean I'm getting it from people I don't know, at all...

FM
__________________
A Black Belt is a White Belt who refused to give up...
follow my story: The real life story of a running frog...
FrogMan is offline   Reply With Quote
Old 08-20-2003, 12:04 PM   #11
JHandley
High School Varsity
 
Join Date: Sep 2001
Location: Seattle
The biggest problem I've got is that I'm getting HUGE numbers of e-mails from people telling me that I've got it and to stop sending it to them. What's happening is, it's spoofing addresses from our website and using that as the To address. So my users are getting 10-15 e-mails an hour saying that we've sent so-and-so the virus. But, the e-mail is addressed to boxes that don't send outbound mail.
JHandley is offline   Reply With Quote
Old 08-20-2003, 12:04 PM   #12
Alan T
Hall Of Famer
 
Join Date: Dec 2002
Location: Mass.
Yes, that is possible. (I do not recall if this is a virus that does that off the top of my head) Generally the only way to find out who has the virus in those cases is to figure out what you have in common with the other side and who might be a likely candidate... If you do not even know who the address is, then it probably is not worth your time, and you should just delete the message and move on.

Even though those mails fake the sender's addresses, the information on where it is sent from still remains inside the email, so if you are technically apt and have time, you can find out that information and contact the real sender.. As an example I once had one that was addressed from someone in one of my ootp leagues, but the mail header led me to who the correct person was (Someone else in the same league).

If you don't have time or desire though, you should probably just delete it and move along..
__________________
Couch to ??k - From the couch to a Marathon in roughly 18 months.


Alan T is offline   Reply With Quote
Old 08-20-2003, 12:07 PM   #13
Alan T
Hall Of Famer
 
Join Date: Dec 2002
Location: Mass.
Quote:
Originally posted by JHandley
The biggest problem I've got is that I'm getting HUGE numbers of e-mails from people telling me that I've got it and to stop sending it to them. What's happening is, it's spoofing addresses from our website and using that as the To address. So my users are getting 10-15 e-mails an hour saying that we've sent so-and-so the virus. But, the e-mail is addressed to boxes that don't send outbound mail.


Right, the way email worms that spoof the sender usually work is as follows:

1) Person gets infected with the worm

2) The worm opens the user's address book (because the user chose to never patch their applications for known vulnerabilities).

3) Once the worm has the address book open, it picks two names from the address book. One becomes the sender, one becomes the receiver on the email it sends out.

4) Once done, it goes through that process again with new individuals.



So when you get a worm that does this, basically you were in the same person's address book as the sender was.
Alan T is offline   Reply With Quote
Old 08-20-2003, 12:09 PM   #14
heybrad
Norm!!!
 
Join Date: Nov 2000
Location: Manassas, VA
Here's a link to an article that explains what's going on today.

Article here

Also... as others have said, even though it spoofs the address (as far as the person), it doesn't spoof the SMTP details. You can look at the message source of an email and get a better idea of where it actually came from.

Last edited by heybrad : 08-20-2003 at 12:14 PM.
heybrad is offline   Reply With Quote
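What Alan T and heybrad describe above (the From address is forged, but the Received line written by your own mail server still records who connected), as an added example that is not part of the original thread. The sample message, hostnames and IPs are constructed, and `OUR_HOSTS`, `OUR_IPS` and `RISKY_EXT` are assumptions you would set for your own mail servers.

```python
import email
import os
import re
from email.utils import parseaddr

# Constructed sample (not a real capture): example.* hostnames, RFC 5737 IPs.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Wed, 20 Aug 2003 11:27:03 -0400
Received: from dsl-pool-77.isp.example (dsl-pool-77.isp.example [203.0.113.77])
\tby mx.recipient.example with SMTP id B2; Wed, 20 Aug 2003 11:27:01 -0400
From: league.friend@ootp.example
To: victim@recipient.example
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached file for details.
--b1
Content-Type: application/octet-stream; name="thank_you.pif"
Content-Disposition: attachment; filename="thank_you.pif"
Content-Transfer-Encoding: base64

TVo=
--b1--
"""

# Assumptions: the names and addresses of the mail servers you operate.
OUR_HOSTS = {"mx.recipient.example", "mailstore.recipient.example"}
OUR_IPS = {"192.0.2.10"}
# Assumption: extensions Windows will execute on double-click.
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat"}

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)"
)

def handoff_hop(msg):
    """Return (claimed_name, ip) of the outside host that handed the message
    to one of our servers, or None. Received headers are prepended, so the
    first such hop from the top was written by a server we control; every
    header below it could have been supplied by the sender."""
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m and m["by"] in OUR_HOSTS and m["ip"] not in OUR_IPS:
            return m["helo"], m["ip"]
    return None

def risky_attachments(msg):
    """List attachment filenames whose final extension is executable."""
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and os.path.splitext(n.lower())[1] in RISKY_EXT]

def triage(raw):
    msg = email.message_from_string(raw)
    hop = handoff_hop(msg)
    return {
        "claimed_from": parseaddr(msg.get("From", ""))[1],  # forgeable
        "handed_off_by": hop[0] if hop else None,           # name is self-reported
        "source_ip": hop[1] if hop else None,               # recorded by our MX
        "risky_attachments": risky_attachments(msg),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The `source_ip` is the field to hand to the sending network's abuse contact; the `claimed_from` address belongs to a bystander.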
Old 08-20-2003, 12:40 PM   #15
Ksyrup
This guy has posted so much, his fingers are about to fall off.
 
Join Date: Nov 2000
Location: In Absentia
Are we sure this is the Sobig virus, or could this be the work of mrskippy's attorney?
__________________
M's pitcher Miguel Batista: "Now, I feel like I've had everything. I've talked pitching with Sandy Koufax, had Kenny G play for me. Maybe if I could have an interview with God, then I'd be served. I'd be complete."
Ksyrup is offline   Reply With Quote
Old 08-20-2003, 12:47 PM   #16
JonInMiddleGA
Hall Of Famer
 
Join Date: Nov 2000
Location: Behind Enemy Lines in Athens, GA
With our number of IT pros & other 'net gurus around here, I figure I'll ask ... is this an "Outlook only" virus or are Netscape/Mozilla/other email programs vulnerable as well?

As I understand how this works, I believe it's the latter. But I'm feeling a little better since I've got my Netscape mail pgm set to never auto-open attachments, so I should be safe as long as I don't double-click anything. Right?
__________________
"I lit another cigarette. Unless I specifically inform you to the contrary, I am always lighting another cigarette." - from a novel by Martin Amis
JonInMiddleGA is offline   Reply With Quote
Old 08-20-2003, 12:49 PM   #17
Fritz
Lethargic Hooligan
 
Join Date: Oct 2000
Location: hello kitty found my wallet at a big tent revival and returned it with all the cash missing
Quote:
Originally posted by JonInMiddleGA
I should be safe as long as I don't double-click anything. Right?


you should be
__________________
donkey, donkey, walk a little faster
Fritz is offline   Reply With Quote
Old 08-20-2003, 12:54 PM   #18
heybrad
Norm!!!
 
Join Date: Nov 2000
Location: Manassas, VA
If you have all of the updates to Outlook Express no attachment would autorun.

I have people in our office who do everything they can to try and run these attachments even when their virus checker kicks in and when I ask them why they would click on something that they have no clue what it is or who it's from, they respond... "How am I going to find out what it is unless I click on it?"

Stupidity knows no boundaries in my office.

Last edited by heybrad : 08-20-2003 at 12:55 PM.
heybrad is offline   Reply With Quote
Old 08-20-2003, 12:59 PM   #19
Ksyrup
This guy has posted so much, his fingers are about to fall off.
 
Join Date: Nov 2000
Location: In Absentia
That's something that's always confused me...if you don't know who it's from and/or what it's about, why would you open it?

I handle all incoming email by following these three rules:

If it's from someone in my office, I call them and ask them what it is. If it's from someone I know but I don't recognize the subject, I send them a separate email and ask them what it is. If it's from someone I don't know and has an attachment, I delete the f*cker.
__________________
M's pitcher Miguel Batista: "Now, I feel like I've had everything. I've talked pitching with Sandy Koufax, had Kenny G play for me. Maybe if I could have an interview with God, then I'd be served. I'd be complete."
Ksyrup is offline   Reply With Quote
Old 08-20-2003, 01:00 PM   #20
Easy Mac
Registered User
 
Join Date: Nov 2001
Location: Here
My school had to set up new filters today to block all image attachments because the server was getting hit with so many emails.
Easy Mac is offline   Reply With Quote
Old 08-20-2003, 01:06 PM   #21
JonInMiddleGA
Hall Of Famer
 
Join Date: Nov 2000
Location: Behind Enemy Lines in Athens, GA
While we're on the subject, what the heck (other than an extension that's connected to this virus) is a .pif or .src file anyway?
__________________
"I lit another cigarette. Unless I specifically inform you to the contrary, I am always lighting another cigarette." - from a novel by Martin Amis
JonInMiddleGA is offline   Reply With Quote
Old 08-20-2003, 01:08 PM   #22
heybrad
Norm!!!
 
Join Date: Nov 2000
Location: Manassas, VA
Quote:
Originally posted by JonInMiddleGA
While we're on the subject, what the heck (other than an extension that's connected to this virus) is a .pif or .src file anyway?


.PIF = Program Information File
.SRC = A file used in the creation of .INI files for configuration settings.
heybrad is offline   Reply With Quote
Old 08-20-2003, 06:27 PM   #23
Ben E Lou
Morgado's Favorite Forum Fascist
 
Join Date: Oct 2000
Location: Greensboro, NC
Yeah....I'm up to three or four per hour now.
__________________
The media don't understand the kinds of problems and pressures 54 million come wit'!
Ben E Lou is offline   Reply With Quote
Old 08-20-2003, 06:31 PM   #24
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
I haven't got one.

Having good ol' Norton check each and every e-mail that comes my way sure helps. If it's a virus infected message, Norton chucks it.
mrskippy is offline   Reply With Quote
Old 08-20-2003, 06:48 PM   #25
sabotai
General Manager
 
Join Date: Oct 2000
Location: The Satellite of Love
mrskippy, nobody likes you, so you're not in anyone's address book. That's why you haven't gotten one.
sabotai is offline   Reply With Quote
Old 08-20-2003, 06:50 PM   #26
FBPro
College Starter
 
Join Date: Aug 2001
Location: SE
I've gotten roughly 50-60 in the last day.
__________________
GM RayCo Raiders-est. 2004-2012
Charter member of the IHOF-RayCo GM
GM Tennessee Titans PFL 2011-2014
GM Tennessee Titans FOWL 2020-2025
FBPro is offline   Reply With Quote
Old 08-20-2003, 06:51 PM   #27
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
Quote:
Originally posted by sabotai
mrskippy, nobody likes you, so you're not in anyone's address book. That's why you haven't gotten one.


I'm in lots of address books. Just not anyone at FOFC, which makes me happy. Because it's not right for a guy to be in a guy's address book. Unless you're Subby or John Galt.
mrskippy is offline   Reply With Quote
Old 08-20-2003, 06:55 PM   #28
Buccaneer
Head Coach
 
Join Date: Oct 2000
Location: Colorado
How does our village idiot keeps causing so much loss of brain cells?
Buccaneer is offline   Reply With Quote
Old 08-20-2003, 07:05 PM   #29
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
Quote:
Originally posted by Buccaneer
How does our village idiot keeps causing so much loss of brain cells?


How come you don't know how to type?
mrskippy is offline   Reply With Quote
Old 08-20-2003, 07:09 PM   #30
illinifan999
Pro Rookie
 
Join Date: Dec 2001
Location: VA
Quote:
Originally posted by mrskippy
How come you don't know how to type?


Loss of said brain cells.
__________________
Chicago Eagles
2 time ZFL champions
We're "rebuilding"
illinifan999 is offline   Reply With Quote
Old 08-20-2003, 07:14 PM   #31
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
If you guys are getting this many virus hits you may want to check your virus definitions. And make sure Norton is set to kill.
mrskippy is offline   Reply With Quote
Old 08-20-2003, 07:15 PM   #32
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
Dola.

I shouldn't say I haven't got any. I just never see them. Because of the way my settings are.

According to my logs I've got several dozen.

Oh, and I've also got something even better, Denial Of Service attacks on my PC.
mrskippy is offline   Reply With Quote
Old 08-20-2003, 07:20 PM   #33
SirFozzie
Hall Of Famer
 
Join Date: Nov 2000
Location: The State of Insanity
What it does is: takes an affected machine, and scans their Outlook box and all their cached web pages for email addresses.

It "spoofs" (or pretends to be) one of the email addresses and sends out to all the other emails it can find.

So do NOT report such email, they're just an innocent bystander
__________________
Check out Foz's New Video Game Site, An 8-bit Mind in an 8GB world! http://an8bitmind.com
SirFozzie is offline   Reply With Quote
Old 08-20-2003, 07:22 PM   #34
Buccaneer
Head Coach
 
Join Date: Oct 2000
Location: Colorado
Three pieces of advice:

1. Install a router with a hardware firewall (not a software firewall).

2. Switch to a more secure email account that can actively block most things (like AT&T).

3. Keep up with the Windows Update.

As long as you don't do something stupid with any emails that do come through or download any crap, you don't even need a virus checker if you follow the three pieces of advice above. It's good to have one just in case but it's better to stop the disease before it hits than to treat the problem it can cause.
Buccaneer is offline   Reply With Quote
Old 08-20-2003, 07:28 PM   #35
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
That's good advice Buc. I've got a firewall on my router, then I've got Norton Internet Security. I have Windows automatically update on its own. And I have Norton Antivirus. The Norton software is kept up to date, as are the definitions.

The one thing from what I understand is this or another current virus tries to do port scans for the purpose of doing a denial of service attack. This is what I was getting over the weekend. Fortunately my dual firewall stopped it.

I was reading last night that because of all these viruses of the past week or two the Internet has at times slowed down and it's been tough to reach certain sites.
mrskippy is offline   Reply With Quote
Old 08-20-2003, 07:30 PM   #36
Ben E Lou
Morgado's Favorite Forum Fascist
 
Join Date: Oct 2000
Location: Greensboro, NC
Ummmm....BAD IDEA!!! If I installed a firewall and blocked everything, then I'd never know which of the soccer moms in my community that I'd never want to hire as my part-time secretary or do volunteer data entry in my office!!! When I get a virus e-mail from one of 'em (a whole bunch from said soccer moms today), I just cross 'em off the call list.
__________________
The media don't understand the kinds of problems and pressures 54 million come wit'!
Ben E Lou is offline   Reply With Quote
Old 08-20-2003, 07:33 PM   #37
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
Those pesky soccer moms!!!

Rule #1: Never let women open e-mail. They'll open anything.

You don't have to set the firewall to block everything. For example, I give it full permission to treat this site as "friendly" meaning that SkyDog could install malicious script on this forum and the firewall would allow it.
mrskippy is offline   Reply With Quote
Old 08-20-2003, 07:35 PM   #38
Ben E Lou
Morgado's Favorite Forum Fascist
 
Join Date: Oct 2000
Location: Greensboro, NC
Dola.....

I also cross them off the list when I get a "if you are not ashamed of Jesus, then you'll forward this message along to at least 10 people" e-mail.

No thank you, very much. If you love Jesus, you'll live a life that honors him and speaks of his presence in your life. You'll love others into the Kingdom of God, not attempt to annoy them into the Kingdom.
__________________
The media don't understand the kinds of problems and pressures 54 million come wit'!

Last edited by Ben E Lou : 08-20-2003 at 07:38 PM.
Ben E Lou is offline   Reply With Quote
Old 08-20-2003, 07:37 PM   #39
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
Quote:
Originally posted by SkyDog
Dola.....

I also cross them off the list when I get a "if you are not ashamed of Jesus, then you'll forward this message along to at least 10 people" e-mail.


I hate chain e-mail!!!
mrskippy is offline   Reply With Quote
Old 08-21-2003, 12:50 PM   #40
SplitPersonality1
College Benchwarmer
 
Join Date: Jun 2001
Location: Grafton, WI
Quote:
Originally posted by SkyDog
If you love Jesus, you'll live a life that honors him and speaks of his presence in your life. You'll love others into the Kingdom of God, not attempt to annoy them into the Kingdom.


LOL. Love this quote. I think I might pass this along to our pastor. I think he will get a big kick out of it.
SplitPersonality1 is offline   Reply With Quote
Old 08-21-2003, 01:29 PM   #41
cuervo72
Head Coach
 
Join Date: Dec 2002
Location: Maryland
Are you saved yet?
Yes.
Are you saved yet?
Yes.
Are you saved yet?
YESSSSS!
cuervo72 is offline   Reply With Quote
Old 08-21-2003, 02:01 PM   #42
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
Quote:
No thank you, very much. If you love Jesus, you'll live a life that honors him and speaks of his presence in your life. You'll love others into the Kingdom of God, not attempt to annoy them into the Kingdom.

One of the Jerusalem Post columnists had an interesting piece the other day about the relationship between Jews and Christians in the defense of Israel in its fight with the Arabs. Basically it talked about how some Jews believe Christians side with Israel because they want to see the end time battle. And how other Jews merely say the Christians are just out to convert them.

But the author of the article went on to say there are many Christians who lay down the idea of conversion and just trying to bring on the end of the world in favor of just doing the right thing, admitting that Israel is the land God gave to the Jews.

Amazing how just being yourself can have on improving relations. The writer did a very nice job.

Unfortunately the story is only available through paid archives now or I would link to it. It was only from last Friday, which surprises me since most news sites keep it free for a week.

If I can find it, I'll link to it. It's really an excellent read.
mrskippy is offline   Reply With Quote
Old 08-21-2003, 03:05 PM   #43
sony
High School JV
 
Join Date: May 2002
Location: Travis AFB, CA
How come I never get emails like this... can it be that AOL filters this out... I am on an AOL addy
sony is offline   Reply With Quote
Old 08-22-2003, 12:19 AM   #44
MizzouRah
Hall Of Famer
 
Join Date: Sep 2002
Location: Troy, Mo
DO NOT forget this link either:

Microsoft office product updates


1. Update virus updates weekly, if you have NAV do this on Wednesday as this is the day new virus updates come out unless a major virus pops up.

2. Run Microsoft windows update at least once a week and install ALL security updates.

3. Run the link above to make sure all your office products are up to date.


As posted before, use a firewall if you have cable or DSL. A router usually has a built in firewall, ie: Linksys. Disable file and printer sharing on your network connection, especially if you're a single pc user at home and use cable or DSL.

Read the book I just mentioned above, it really has some insight on how viruses make it onto your pc.


Todd
MizzouRah is offline   Reply With Quote
Old 08-22-2003, 12:27 AM   #45
mrskippy
Banned
 
Join Date: Oct 2000
Location: California
Quote:
Originally posted by MizzouRah

2. Run Microsoft windows update at least once a week and install ALL security updates.


There is a feature in Windows Update where you can have it automatically search for and download updates. When these updates are ready to install, a little Icon will appear in the task manager/bar thing in the lower right corner. And a little bubble will pop up saying new updates are ready.

Sometimes it goes awhile without a critical update. Other times, like it is now with these viruses and security flaws, it's more frequent.

However, you'll still need to use Windows Update for those non-critical updates. But you don't need to run that as often. Usually these are for new versions of IE, Media Player, Messenger, etc., drivers, or other non-essential items.

The critical updates are the most important thing.
mrskippy is offline   Reply With Quote
Old 08-22-2003, 08:16 AM   #46
MizzouRah
Hall Of Famer
 
Join Date: Sep 2002
Location: Troy, Mo
I hate having Windows do anything on its own. It's a regular process for me on Saturday mornings and with DSL only takes about 5 mins.

1, 2, 3, done.



Todd
MizzouRah is offline   Reply With Quote

All times are GMT -5. The time now is 01:34 PM.