Brace yourself people, NEW virus coming to a mailbox near you!!!

JackBurton

Lifer
Jul 18, 2000
15,993
14
81
I don't know what this thing is but it got by our anti-virus system so it's gotta be brand new! The payload is within a zip file and is a pif file. To take care of this thing quick, block ALL pif files at the Exchange level or just block zip files temporarily if you want to be REALLY safe.

Just giving a heads up!
 

Platypus

Lifer
Apr 26, 2001
31,046
321
136
We're seeing this too, I think it's a new variant of MyDoom. It sends a zip file saying it's from the IT dept telling users to run it. These things are hilarious.
 

brtspears2

Diamond Member
Nov 16, 2000
8,660
1
81
Been getting a lot of fakes, addressed from postmaster@domain (changed username and domain, insert whatever you are using)

Dear user username@domain,
Your account was used to send a huge amount of spam during this week.
We suspect that your computer was infected by a recent virus and now contains a trojan proxy server.
Please follow our instructions in the attached file in order to keep your computer safe.
Virtually yours,
The domain support team.

Attached file is bwcpib.pif, but of course the mail server strips all dangerous files.
 

glugglug

Diamond Member
Jun 9, 2002
5,340
1
81
Who opens PIF files? Have you ever seen a PIF that wasn't a virus? Not since Windows 3.1 I haven't...
 

Gunslinger08

Lifer
Nov 18, 2001
13,234
2
81
We already have tons of infected people on my school's network. Have to love computer-dumb faculty and staff.
 

Anubis

No Lifer
Aug 31, 2001
78,712
427
126
tbqhwy.com
Originally posted by: joshsquall
We already have tons of infected people on my school's network. Have to love computer-dumb faculty and staff.

yea that is great, my school got so fed up with it that almost all email attachments are blocked, the only things that go through are .doc, .ppt, and .xls and txt files

all exes zips pdfs and such get killed on the server level,

blaster damn near killed the whole network last year because of stupid people, before that Nimda did a number
 

simms

Diamond Member
Sep 21, 2001
8,211
0
0
how can a pdf infect??

and what is a pif used for anyways? scr's are screensavers which serve some purpose, exes and bats run things, pifs... are what?
 

vi edit

Elite Member
Super Moderator
Oct 28, 1999
62,484
8,345
126
Originally posted by: JackBurton
I don't know what this thing is but it got by our anti-virus system so it's gotta be brand new! The payload is within a zip file and is a pif file. To take care of this thing quick, block ALL pif files at the Exchange level or just block zip files temporarily if you want to be REALLY safe.

Just giving a heads up!

Same here, blasting past us as well...
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
thanks for the heads up.

it is my belief that all of these backdoors, trojans and worms are all gearing up for one major attack and are just being fine tuned at this point.
 

GoodToGo

Diamond Member
Jul 16, 2000
3,516
1
0
This has to be one of the smartest emails sent out. If you have people clicking for nekkid pics of Kournikova, imagine the amount of people who will fall for this.
 

OrganizedChaos

Diamond Member
Apr 21, 2002
4,524
0
0
Originally posted by: simms
how can a pdf infect??

and what is a pif used for anyways? scr's are screensavers which serve some purpose, exes and bats run things, pifs... are what?

they were used by windows to define memory settings for dos apps
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: OrganizedChaos
Originally posted by: simms
how can a pdf infect??

and what is a pif used for anyways? scr's are screensavers which serve some purpose, exes and bats run things, pifs... are what?

they were used by windows to define memory settings for dos apps

yeah, I think "program information file" - told DOS how to behave.
 

OutHouse

Lifer
Jun 5, 2000
36,410
616
126
yip, installing the McAfee Dats and SuperDats now. as soon as the dats are in place i will open the firewall to accept .zip files again.
 

Zim Hosein

Super Moderator | Elite Member
Super Moderator
Nov 27, 1999
65,511
408
126
Originally posted by: dnetmhz
Filtered out 6 of these in the last 3 minutes!

:Q

LiveUpdate automatically updated my rig a little while ago, so I hope I'm safe :)
 

Chronoshock

Diamond Member
Jul 6, 2004
4,860
1
81
Just got a company wide warning e-mail... many places filter out pifs, exes, and zips (at least where I work) so that should hopefully mitigate the effects of this
 

beer

Lifer
Jun 27, 2000
11,169
1
0
It's crushing our network here. Exchange was completely unstable all morning.
 

vi edit

Elite Member
Super Moderator
Oct 28, 1999
62,484
8,345
126
Originally posted by: Chronoshock
Just got a company wide warning e-mail... many places filter out pifs, exes, and zips (at least where I work) so that should hopefully mitigate the effects of this

We can't block zip files...too many reports are sent via zips :(
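
A gateway filter that looks inside zip attachments can stop .pif payloads without rejecting every zip, which is the trade-off raised in the posts above. The following is an added sketch, not part of the original thread or any poster's setup; the extension blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: .pif is the type named in this thread, the rest are common additions.
BLOCKED_EXT = {".pif", ".scr", ".exe", ".bat", ".com", ".cmd"}

def _ext(name):
    # Only the final extension decides how Windows runs the file ("invoice.doc.pif" -> ".pif").
    name = name.strip().lower().rstrip(". ")
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw_message):
    """Return (attachment name, reason) pairs for parts that should be quarantined."""
    hits = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if _ext(name) in BLOCKED_EXT:
            hits.append((name, "blocked extension"))
        elif data[:2] == b"PK":  # zip signature: check member names, not just the .zip name
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if _ext(member) in BLOCKED_EXT:
                            hits.append((name, "contains " + member))
            except zipfile.BadZipFile:
                # Fail closed: an archive the filter cannot read is not delivered.
                hits.append((name, "unreadable zip"))
    return hits

def build_sample(zip_name, member_name):
    """Constructed test message: one zip attachment holding a single dummy member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"dummy bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "postmaster@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Nested archives are not unpacked here; a production filter would recurse with a depth and size limit.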
 

UNCjigga

Lifer
Dec 12, 2000
25,709
10,456
136
Checked NAV, I already have the latest updates (7/26/2004 rev. 23) so I think I'm safe. Besides, it takes me awhile before I start seeing these new virii since I'm in a home user environment. I'm still getting bombarded with NetSky.P every day.