Home page logo

nanog logo nanog mailing list archives

Re: Don't beat me, but i've noticed a huge influx of these .pif virii today.
From: Henry Linneweh <hrlinneweh () sbcglobal net>
Date: Tue, 19 Aug 2003 14:21:23 -0700 (PDT)

Now having personally experienced the worm myself.....
This is how it went, there was no known way to remove the worm with
any current software for the variety that I had, it was mutagenic, recognized
AVP, and other forms of disinfectors and went nuts propagating itself to the
point the only solution left was Low level format...format and reinstall
At that point we were not sure if the media itself was not damaged and
held our breath for a while, thankfully it was not and now my box is back
up and running  -minus the data that was not recoverable.
If anyone is having their techs do this, be nice to them and be kind 
because it takes about 6 hours plus to do each box completely

"Jade E. Deane" <jade.deane () riven net> wrote:
You're not seeing things. I would say you can thank "W32/Sobig.F-mm",
referenced in http://news.com.com/2100-1002_3-5065494.html.

Allow me to quote a bit from the story:

The sender appears to be someone from a recognized domain name, such as
ibm.com, zdnet.com or microsoft.com. The subject line typically says
"Re: Details," "Resume" or "Thank you." 

Attachment names may include: your_document.pif, details.pif,
your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif,
application.pif, and document_9446.pif. 


On Tue, 2003-08-19 at 15:33, Drew Weaver wrote:
Don't kill me for posting this, it may be slightly off
topic but I have noticed a very odd spike in traffic with these virii
that have .pifs attached to them. 

The subject is random.

The body always says:

"See attached file for details" and they're always a pif file.

Anyone else notice this?


ATTACHMENT part 2 application/pgp-signature name=signature.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]