email virus question

My wife uses Yahoo and she gets emails daily from lbpcutie14@yahoo.com (someone we do not know) that contain a .pif file. I’ve always just assumed it’s a spammer and ignored it, especially since a virus probably wouldn’t be able to send itself through someone using Yahoo (so I guessed the spammer is using a fake return address).

Well today she received an email from my sister containing a file called your_file.pif. I called my sister and she said she does use Outlook but also has Norton antivirus and the email is sent out through her work server which has protections against viruses, so this probably wouldn’t have made it through. No one else has received such an email from her either.

How could this happen? Can spammers somehow figure out who is in someone’s address book (by taking an email forward) and use that as the return address? That seems like a lot of work, so my instinct is that my sister has a virus. If so, why would it only select my wife to send an email to? And how should she go about finding/removing this virus if she already runs Norton?

Thanks.

It’s not a lot of work at all. You can put anything you want in the “from” field in an e-mail. It’s fairly common for a virus to go down through your address book and send out e-mails supposedly “from” every name in it.

A pif file is a “program information file” which was commonly used to tell Windows how to run a DOS program back in the days of Windows 3.1. There’s not much practical use for a pif these days. I can’t think of a good reason for one of these to ever be in an e-mail. The dangerous thing is that a lot of virus programs will send a file with a name like friendlyname.jpg.pif, which is really a pif file, but if you have extensions for known file types hidden (which is the default on many systems) all you see is friendlyname.jpg, which makes you think it’s a harmless picture.

With a *.pif file you effectively have a one-line *.bat file. You can specify an executable with a parameter string and working directory of your choice, plus many other options. So if it is executed you can do a lot of damage.
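A mail filter can catch the friendlyname.jpg.pif trick described in the replies above by looking at the attachment's real final extension instead of the displayed name. The following is an added example, not code from any poster in this thread; the extension lists, function names and sample message are constructed for illustration.

```python
from email import message_from_string, policy

# Extensions Windows runs when double-clicked (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".bat", ".cmd", ".com", ".vbs", ".lnk"}
# Harmless-looking extensions often used as the visible decoy.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".doc", ".pdf"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable', or None for an attachment name."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    exts = ["." + p.strip() for p in base.lower().split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    if len(exts) > 1 and exts[-2] in DECOY_EXTS:
        return "double-extension"   # e.g. friendlyname.jpg.pif
    return "executable"             # e.g. your_file.pif

def scan_message(raw):
    # The From header is ignored on purpose: it can be forged, so only
    # the attachment names are used to reach a verdict.
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        verdict = classify_attachment(fname) if fname else None
        if verdict:
            findings.append((fname, verdict))
    return findings

# Constructed sample message (addresses and contents are made up).
SAMPLE = """\
From: sister@example.com
Subject: your file
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="friendlyname.jpg.pif"

AAAA
--BOUND
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.jpg"

AAAA
--BOUND--
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

Padding between the two extensions (spaces before the final `.pif`) is stripped before comparison, so a name that pushes the real extension out of view is still flagged.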