Re: Don't beat me, but i've noticed a huge influx of these .pif virii today.

["Steven M. Bellovin" <smb () research att com>]

In message <75634F04BFCFD511BF69009027DC86495C63B5 () mailman thenap com>, Drew We
aver writes:

>            Don't kill me for posting this, it may be slightly off topic but
> I have noticed a very odd spike in traffic with these virii that have .pifs
> attached to them. 
>
> The subject is random.
>
> The body always says:
>
> "See attached file for details" and they're always a pif file.
>
> Anyone else notice this?

Please don't post in html.

Anyway -- it's the sobig.f virus.  According to
http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.f () mm html
it scans a variety of file types on the infected machine to find email 
addresses to abuse.

It's not always a .pif file; sometimes, it's a .scr file.


                --Steve Bellovin, http://www.research.att.com/~smb