Virus Alert - Back on line after e-mail virus. 

Dear All,
        I just got an unidentified e-mail virus. It was called
"sand_tuts.zip.pif" but was  not identified by McAfee.
Do watch out these ".pif" viruses can be activated by saving to a directory,
copying, deleting, etc. There must be undocumented behaviour in pif files !
        Do watch out I had to reload my system. Another possible virus on my
Win98 machine turned the McAfee's program a horrible combination of colours
(it could have been a bug, but I doubt it). This happened when downloading
McAfee on to the machine. So be warned !
        Another interesting thing MS'es Windows 2000 Service Pack #2 is 60
Megabytes, I have been on line now for four hours or so. Good efficient code
no doubt :)
        Yours Sincerely,
                Aaron Gray


Fri, 23 Jan 2004 07:58:20 GMT  


Quote:
> Dear All,
>         I just got an unidentified e-mail virus. It was called
> "sand_tuts.zip.pif" but was  not identified by McAfee.

Just never open/execute anything that comes from somebody you don't know or
if you know the sender but (s)he's not mentioned anything about the
attachment. Also never open/execute anything that has .bat, .com, .exe, .pif
(maybe something else) in the name as well as documents that can have active
content inside that would be executed upon opening. Among such ones is .doc,
though I guess you can check such a file (if you're interested in it) using
an up-to-date anti-virus program. That's all more or less easy.

Good Luck
--
Alexei A. Frounze
http://alexfru.chat.ru | http://alexfru.dax.ru
http://members.xoom.com/alexfru/
http://welcome.to/pmode/



Fri, 23 Jan 2004 16:56:00 GMT  
Said by Aaron Gray, I will reply to:

Quote:
>Dear All,
>        I just got an unidentified e-mail virus. It was called
>"sand_tuts.zip.pif" but was  not identified by McAfee.
>Do watch out these ".pif" viruses can be activated by saving to a directory,
>copying, deleting, etc. There must be undocumented behaviour in pif files !

Heh? My pine can save them even to /bin and they won't do any damage :)

Quote:
>        Do watch out I had to reload my system. Another possible virus on my
>Win98 machine turned the McAfee's program a horrible combination of colours
>(it could have been a bug, but I doubt it). This happened when downloading
>McAfee on to the machine. So be warned !

McAffe (Affe = ape? monkey?)

Quote:
>        Another interesting thing MS'es Windows 2000 Service Pack #2 is 60
>Megabytes, I have been on line now for four hours or so. Good efficient code
>no doubt :)

Really kidding... *plonk*

Quote:
>        Yours Sincerely,
>                Aaron Gray

Don't take me too serious, but I couldn't resist.
X-User-Agent: pine/4.33 openbsd/2.9-current
-mirabilos
--
 C:\>debug
 -e100 EA F0 FF 00 F0
 -g
--->Enjoy!


Fri, 23 Jan 2004 22:56:01 GMT  


| >        Another interesting thing MS'es Windows 2000 Service Pack #2 is 60
| >Megabytes, I have been on line now for four hours or so. Good efficient code
| >no doubt :)
|
| Really kidding... *plonk*

What the f*ck have you plonked Aaron for??

| Don't take me too serious, but I couldn't resist.
| X-User-Agent: pine/4.33 openbsd/2.9-current

Smug Linux &()*%&(*"



Sat, 24 Jan 2004 01:56:02 GMT  


Quote:


> Just never open/execute anything that comes from somebody you don't know or
> if you know the sender but (s)he's not mentioned anything about the
> attachment. Also never open/execute anything that has .bat, .com, .exe, .pif
> (maybe something else)

.lnk (shortcut, later .pif, basically) .scr (screen saver) .dll - maybe -
.vbs .js etc... Although, a long time ago someone in a security NG was showing
how to disguise file types:
- readme.txt.exe and have standard textfile icon as your program's icon
- create a word *.doc virus, rename to *.rtf (some scanners didn't check rtf
    files - they can't contain viruses, but Word treats files the same
    independent of extension)
- at one point, having an attachment with a name over 50(?) characters caused
    OE to automatically execute it and reboot your PC.
Quote:
> in the name as well as documents that can have active
> content inside that would be executed upon opening. Among such ones is .doc,
> though I guess you can check such a file (if you're interested in it) using
> an up-to-date anti-virus program. That's all more or less easy.

> Good Luck
> --
> Alexei A. Frounze
> http://alexfru.chat.ru | http://alexfru.dax.ru
> http://members.xoom.com/alexfru/
> http://welcome.to/pmode/



Sat, 24 Jan 2004 02:37:46 GMT  
some guy, from "that oil company" which kills cute fluffy animals for

Quote:





>>Just never open/execute anything that comes from somebody you don't know or
>>if you know the sender but (s)he's not mentioned anything about the
>>attachment. Also never open/execute anything that has .bat, .com, .exe, .pif
>>(maybe something else)

> .lnk (shortcut, later .pif, basically) .scr (screen saver) .dll - maybe -
> .vbs .js etc... Although, a long time ago someone in a security NG was showing
> how to disguise file types:
> - readme.txt.exe and have standard textfile icon as your program's icon
> - create a word *.doc virus, rename to *.rtf (some scanners didn't check rtf
>     files - they can't contain viruses, but Word treats files the same
>     independent of extension)
> - at one point, having an attachment with a name over 50(?) characters caused
>     OE to automatically execute it and reboot your PC.

Not forget the following executables

.fon
.ttf
.386
.sys
.vxd

Tom



Sat, 24 Jan 2004 09:10:29 GMT  

Quote:

> | Don't take me too serious, but I couldn't resist.
> | X-User-Agent: pine/4.33 openbsd/2.9-current

> Smug Linux &()*%&(*"

Tim, he's using OpenBSD... But then again, he is a smug for saying that...
Smug OpenBSD &()*%&(*"

Chewy509...



Sat, 24 Jan 2004 17:56:00 GMT  

| > | Don't take me too serious, but I couldn't resist.
| > | X-User-Agent: pine/4.33 openbsd/2.9-current
| > Smug Linux &()*%&(*"
| Tim, he's using OpenBSD... But then again, he is a smug for saying that...
| Smug OpenBSD &()*%&(*"

Can I post using Outlook Express *and* be smug? :)

A simple...

begin 123 filename.txt
end

...is all that's needed to take *me* down...



Sat, 24 Jan 2004 21:56:03 GMT  


Quote:
> Not forget the following executables

> .fon
> .ttf
> .386
> .sys
> .vxd

> Tom

Were you ever a [semi-]regular at news.grc.com?
Your name sounds (looks) familiar.
hmm

-Campster



Sat, 24 Jan 2004 23:22:46 GMT  
Dear Alexei,
    Just tried to isolate it to identify it with McAfee, but as I said just
saving it to an empty directory, then opening the directory was enough to
invoke it ! That is the point I was trying to make.
    Yours Sincerely,
        Aaron Gray



Quote:


> > Dear All,
> >         I just got an unidentified e-mail virus. It was called
> > "sand_tuts.zip.pif" but was  not identified by McAfee.

> Just never open/execute anything that comes from somebody you don't know or
> if you know the sender but (s)he's not mentioned anything about the
> attachment. Also never open/execute anything that has .bat, .com, .exe, .pif
> (maybe something else) in the name as well as documents that can have active
> content inside that would be executed upon opening. Among such ones is .doc,
> though I guess you can check such a file (if you're interested in it) using
> an up-to-date anti-virus program. That's all more or less easy.

> Good Luck
> --
> Alexei A. Frounze
> http://alexfru.chat.ru | http://alexfru.dax.ru
> http://members.xoom.com/alexfru/
> http://welcome.to/pmode/



Sun, 25 Jan 2004 07:56:01 GMT  

Quote:

> Dear Alexei,
>     Just tried to isolate it to identify it with McAfee, but as I said just
> saving it to an empty directory, then opening the directory was enough to
> invoke it ! That is the point I was trying to make.
>     Yours Sincerely,
>         Aaron Gray

Oh, thanks for the post, then...because someone tried (pathetically badly)
to send me a virus (they put the extension ".txt.exe" and, I suppose,
depended on that automatic default in Windows to hide file extensions (which
I can't see any programmer not wanting to turn off immediately...not only to
spot these sorts of things but it's a right royal pain in the bum in loads
of situations :))...and I would have assumed .pif was an ok thing to put in
a directory, as long as it wasn't executed directly...but now I know
different...{*filter*}y MS...

Although, and this is majorly tempting fate (*touching every piece of wood
in sight* hehehe ;), but I've actually _never_ caught a virus ever...and I
don't just mean on a PC but also on my old Atari ST as well (well, ok, two
exceptions that I wouldn't say counted...there was an anti-virus virus on
the Atari ST that basically filled the bootsector - and I assume (should
really have checked :) that it's designed to only run if it has _zero_
modifications...the idea, I guess, was that a virus would have no room to
infect the bootsector...anyway, goodness knows if this strategy worked but
it was on a friend's machine and I let it run on mine (but I made sure not
to let it infect any further...it copied itself from disk to disk like a
virus would...actually, maybe that was the idea...that it would overwrite
any virus that managed to get onto the bootsector with a proper working
bootsector...anyway, I only let it infect memory and rebooted properly to
make sure it was dead before I did anything else...so, that hardly counts,
does it? :)...and, also, there was a virus on a PC at my college...but this
was nothing to do with me at all...but, in a sense, it was "my" computer (as
in: the computer I was using...I had no ownership over it :) that caught a
virus...basically, I'm ludicrously careful and just plain lucky,
apparently...because I should have met a virus in all that time...

Although, that's probably a totally stupid thing for me to have said, yes?
Now, some sad script-kiddy will try his best to infect my machine or
something...ah well, a decade or so is impressive enough a record for a
programmer who uses her computer all the time, anyway...must immediately
back things up now I've posted this...hehehe ;)...

Beth:)



Wed, 04 Feb 2004 13:56:03 GMT  
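
The filename checks the posters describe above (refuse .bat, .com, .exe, .pif, .lnk, .scr, .vbs and .js, and watch for a harmless-looking extension placed in front of the real one, as in "sand_tuts.zip.pif" and "readme.txt.exe"), as an added Python example that is not part of any post in this thread. The `DECOY` list, the function names and the sample message are assumptions constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the posters name as directly executable on Windows.
EXECUTABLE = {".bat", ".com", ".exe", ".pif", ".lnk", ".scr", ".vbs", ".js"}
# Harmless-looking decoys placed before the real extension (assumed list).
DECOY = {".txt", ".zip", ".doc", ".rtf", ".jpg"}


def classify(filename):
    """Return the reasons an attachment name should be quarantined."""
    # Windows drops trailing dots and spaces, so "a.exe. " still runs as a.exe.
    parts = filename.rstrip(". \t").lower().split(".")
    reasons = []
    if len(parts) < 2:
        return reasons
    last = "." + parts[-1]
    if last in EXECUTABLE:
        reasons.append("executable extension " + last)
        # Only the final extension decides how Windows opens the file.
        if len(parts) > 2 and "." + parts[-2] in DECOY:
            reasons.append("decoy ." + parts[-2] + " hides " + last)
    return reasons


def scan(raw_bytes):
    """Map each suspicious attachment name in a raw message to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and classify(name):
            hits[name] = classify(name)
    return hits


def sample_message():
    """Constructed test message; the attachment bodies are inert placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "tutorials"
    msg.set_content("see attached")
    for name in ("sand_tuts.zip.pif", "readme.txt.exe", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, why in scan(sample_message()).items():
        print(name, "->", "; ".join(why))
```

A name check like this only catches the disguise; it says nothing about documents with active content such as .doc, which still need a content scanner.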
 