[60903] in North American Network Operators' Group
Re: Don't beat me, but i've noticed a huge influx of these .pif
daemon@ATHENA.MIT.EDU (Jade E. Deane)
Tue Aug 19 16:42:47 2003
From: "Jade E. Deane" <jade.deane@riven.net>
To: Drew Weaver <drew.weaver@thenap.com>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <75634F04BFCFD511BF69009027DC86495C63B5@mailman.thenap.com>
Date: 19 Aug 2003 15:27:03 -0500
Errors-To: owner-nanog-outgoing@merit.edu
--=-5/0mOkCPO1NFqanSmzb7
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
Drew,
You're not seeing things. I would say you can thank "W32/Sobig.F-mm",
referenced in http://news.com.com/2100-1002_3-5065494.html.
Allow me to quote a bit from the story:
[quote]
The sender appears to be someone from a recognized domain name, such as
ibm.com, zdnet.com or microsoft.com. The subject line typically says
"Re: Details," "Resume" or "Thank you."=20
Attachment names may include: your_document.pif, details.pif,
your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif,
application.pif, and document_9446.pif.=20
[/quote]
Regards,
Jade
On Tue, 2003-08-19 at 15:33, Drew Weaver wrote:
> Don't kill me for posting this, it may be slightly off
> topic but I have noticed a very odd spike in traffic with these virii
> that have .pifs attached to them.=20
>=20
> =20
>=20
> The subject is random.
>=20
> =20
>=20
> The body always says:
>=20
> =20
>=20
> "See attached file for details" and they're always a pif file.
>=20
> =20
>=20
> Anyone else notice this?
>=20
> =20
>=20
> -Drew
>=20
> =20
--=-5/0mOkCPO1NFqanSmzb7
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQA/QogWcd9SGwYS0bgRAkaHAKCYFYXcR1BCIV4rAeploj5c7VJXOgCfZtlb
P972MkzhD4MccQn0BGvSKzQ=
=8P7O
-----END PGP SIGNATURE-----
--=-5/0mOkCPO1NFqanSmzb7--
