Date: Wed, 3 Mar 2004 17:29:55 +0300
From: Sergey 'DoubleF' Zaharchenko <doublef@tele-kom.ru>
To: Mike Jeays <Mike.Jeays@rogers.com>
Cc: questions@freebsd.org
Subject: Re: Email account utilization warning.
Message-ID: <20040303172955.59146203@Hal.localdomain>
In-Reply-To: <1078286029.76351.2.camel@chaucer>
References: <cbnhckfqlptpshbuuat@FreeBSD.org> <40454A3A.5010709@slaughters.com> <1078286029.76351.2.camel@chaucer>

On 02 Mar 2004 22:53:49 -0500
Mike Jeays <Mike.Jeays@rogers.com> probably wrote:

> PIF files are Windows Program Information Files, dating from the days of
> Windows 3.1. I am surprised they still work - but it seems that they
> do. They have executable content, and are now being used to spread
> malicious software.

Just for the sake of correctness...

Physically, real PIFs have no more executable content than something
between a binary data file and a soft link. But Windows thinks that they
can be `executed' (that was necessary to make them usable as links, I
guess), which is quite enough - when the loader analyzes the file, it
understands it's not a PIF but an EXE format executable from the magic
number and runs it.

Some olden virus-writers probably think that if one masquerades an .exe
as .pif, some olden antiviruses won't find them :).

They are making progress: the virus is about 25% smaller than its .C
predecessor:))))

P.S. And nobody even cared to remove staff@ from CC:)

--
DoubleF
Cloning is the sincerest form of flattery.
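
A mail-filter check that follows from the loader behaviour described in the message above, given as an added example that is not part of the original e-mail: like the loader, it judges a .pif attachment by its content and flags it when the bytes begin with the MZ magic number of an EXE header. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MZ_MAGIC = b"MZ"  # first two bytes of a DOS/Windows EXE header


def is_exe_content(data: bytes) -> bool:
    """True when the bytes start with the EXE magic number."""
    return data[:2] == MZ_MAGIC


def disguised_pif_attachments(raw_message: bytes) -> list:
    """Return filenames of .pif parts whose decoded content is really an EXE."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no payload of their own
        name = (part.get_filename() or "").strip()
        if not name.lower().endswith(".pif"):
            continue
        # decode=True undoes base64/quoted-printable transfer encoding
        payload = part.get_payload(decode=True) or b""
        if is_exe_content(payload):
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed test message; the attachments are inert stubs, not real files."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(b"MZ" + bytes(62), maintype="application",
                       subtype="octet-stream", filename="document.PIF")
    msg.add_attachment(bytes(64), maintype="application",
                       subtype="octet-stream", filename="shortcut.pif")
    return msg.as_bytes()


if __name__ == "__main__":
    for name in disguised_pif_attachments(build_sample()):
        print("EXE content behind .pif name:", name)
```
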