I got an Email yesterday that looks suspiscious. Didn’t open the attachement, of course. I can scan it with my mail program, but I don’t know how up to date it is.
I’ve never gotten a virus, so I don’t know what to look for.
From: michaljoyner@aol.com
To: Me
Subject: Re: Your product
Date: Fri, 12 Mar 2004 17:49:00 -0800
Here is the file.
Attachment
your_product.pif
.pif file
It is highly likely to be a bad program. I don’t know how you define what makes something a virus, but I do know that that is not something you want to click on.
It looks very familiar as the type of trick e-mail virus writers like to use. delete it.
Generally if you are suspicious of something you’ve recieved you are probably right to be suspicious of it. your ‘your product.pif’ is a perfect example.
.PIF files are Program Information Files. These can only call DOS excutables, and can supply command-line parameters for them, as well as define some of the operating parameters. As such, it can only run a DOS-based executable that’s already on yoru system (e.q., FORMAT.EXE). You can open it for editing and see what the command line is. If you don’t feel comfortable doing so, go ahead and forward it to me, and I’ll see what’s in it.
If I remember correctly PIFs were the shortcuts of early windows. and you could double-click them to run the program they call. wouldn’t that still happen? in other words if one called ‘format.exe’ wouldn’t it still be potentially unsafe?
SobigF, to take an example, spoofs any of the following attachment names:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.F
Very. In fact it could call FORMAT C: /U which would unconditionally format the drive.
I think that’s netsky… you can check at symantec.com, searching on the subject line of the email or the name of the attachment and it’ll tell you if it’s a known virus. I say I think it’s netsky because I had that come through (and get fielded by my virus filter) this week and it looks the same.
Q.E.D.- I’m a`sending it your way.
No mail yet.
There is a virus called Netsky.d doing the rounds at the moment. More information can be found at the Symantec Netsky.d web page. I’ve had a quick look at the site. The subject and attachment name on your message look like they could be Netsky.d or a variant. Q.E.D. may be able to confirm this when he gets a copy of your message.
I’m sick of Netsky - my virus checker has detected about 12 inbound copies of this virus in the last week.
Idlewild how did I not see your post? You said everything I said only 13 hours earlier. Must drink more coffee to wake up. I suppose I tried to pin it down and provided a link… Yeah, that’s it. 
Q.E.D.- Huh, I sent it to the Email in your profile. Is it different now?
Sending again.