[plug] New virus?
Craig Ringer
craig at postnewspapers.com.au
Fri Dec 6 12:53:53 WST 2002
>>>><HTML><HEAD></HEAD><BODY>
>>>><iframe src=cid:HAZt46g6 height=0 width=0>
>>>></iframe>
> ACPartE-F[1].pif audio/x-wav (huge)
v.strange ; PIF files are windows 3.11 ickyness, somewhat like a win32
".lnk" file but even uglier and clumsier, + were only used for providing
info to windows about execution parameters for a program. They're common
virus vectors, but how could one be that large?
I have noticed a lot of viri with a PIF file and IFRAME exploit coming
in on our link recently. Of course they all use randomized file names
now so I can't easily check if the ones I'm seeing are related, there
are lots of viri that use PIF files.
Ha - the day one gets past my generalized "block .exe .pif .bat .scr
.vbs .js .com .dll .386" rule, I'll be surprised. Most of our users are
too stupid to unpack a ZIP file ;-)
--
Craig Ringer
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27 C16E D3CE CDC0 0E93 380D
-- if it ain't broke, add features 'till it is. (or:)
while (! broken) { features ++ ; broken = isBroken(features) }
More information about the plug
mailing list