Searching \ for '[OT:] WARNING: Dangerous PIF attachement in email' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/index.htm?key=dangerous+pif+attachement
Search entire site for: 'WARNING: Dangerous PIF attachement in email'.

Exact match. Not showing close matches.
PICList Thread
'[OT:] WARNING: Dangerous PIF attachement in email '
2003\08\24@223316 by Jon Jenkins

flavicon
picon face
--On Sunday, August 24, 2003 9:32 PM -0400 Olin Lathrop
<spam_OUTolin_piclistTakeThisOuTspamEMBEDINC.COM> wrote:

>>> What's the big deal?  Just don't open unexpected attachments.
>>
>> 0: because it looks very genuine
>
> A genuine what?  Any .PIF attachment is pretty much guaranteed to be a
> virus.  Just don't open attachments unless they are a file type that can't
> hurt you (like .JPG, .GIF, .TXT, etc).  A .PIF definitely CAN hurt you,
> which is about the only reason they are sent via email.

This was not easily spotted, original email
headers looked like a genuine "undeliverables".

Further the PIF was hidden inside another
attachment. Because I am a curious character I wanted to see
what the exe would so I tried to rename it to something
not dangerous and voila it added a .PIF onto the end
no matter what I named it to. Interesting code this one
wiped the boot sector from your disk.

I thought this was worth warning the LIST about seeing as
it came through the LISTs email server.

If I get another one like this which comes through
the LISTs email server then I will do exactly the
same.

>
>> 1: because it is not detected by latest virus scanner
>
> Virus scanners are worse than useless because of exactly this excuse.  At
> best, they can only tell you about viruses they already know about.  At
> worst they let a variant slip thru, mess up your system, and give you a
> false sense of security.

Rubbish! I am connected 24/7 and run both a firewall and AV scanner. If
you are forced to use Windows then you need this. I have been
saved several times and would have been trashed numerous times
over if not for this.

> I guess they are better than nothing for complete idiots, but common sense
> is far better than any virus scanner.

Have to disagree with this, numerous sites have both malicious
Java and JS code in them and there are so many holes in
all of the browsers that all the common sense in the
world can't stop them.

I work at a university where I am exposed to hundreds
of viruses especially around exam/assignment time.
Further I don't have the luxury to delete an email
because simply because it looks suspicious so its a
no brainer that I need to be careful.


>> 2: because if you use MS outlook or outlook express
>>    it will be opened and run automatically!
>
> No, it won't.  You have to take explicit action to "open" an attachment.
> MSO/E does display the contents of some types of image file attachments in
> line, but these image files only contain data and no executable
> information and are therefore safe.

Yes it will...if like most pepople you have the "preview pane"
open then attachments will get run or at least they used to
when I gave up on Outlook a year or so ago.


> I get about 3-5 viruses per week, and frankly they're pretty easy to spot.

Real men don't eat quiche :-)

jon

--
http://www.piclist.com hint: To leave the PICList
.....piclist-unsubscribe-requestKILLspamspam@spam@mitvma.mit.edu

2003\08\24@234548 by Herbert Graf

flavicon
face
> > A genuine what?  Any .PIF attachment is pretty much guaranteed to be a
> > virus.  Just don't open attachments unless they are a file type
> that can't
> > hurt you (like .JPG, .GIF, .TXT, etc).  A .PIF definitely CAN hurt you,
> > which is about the only reason they are sent via email.
>
>     Olin, it seems incredible, but if you put a file like
> "dangerouspayload.gif.pif" the outlook will show you as
> "dangerouspayload.gif"...

       Only if you have Windows set to hide "known" extensions (which is the
default), it's the FIRST "feature" I disable. TTYL

--
http://www.piclist.com hint: To leave the PICList
piclist-unsubscribe-requestspamKILLspammitvma.mit.edu

2003\08\25@025641 by Wouter van Ooijen

face picon face
> Desktop ?
> The interesting thing is how it's shown in Outlook, not ?
> Or is Outlook also using the "hide file extenstions" setting ?

The previous post specifically stated:

   3 - IT WILL SHOW ON YOUR DESKTOP AS "new text file.txt" BUT WILL BE
A
.PIF FILE!!!!

so that is what I tried. IIRC outlook use such settings from explorer.

Wouter van Ooijen

-- -------------------------------------------
Van Ooijen Technische Informatica: http://www.voti.nl
consultancy, development, PICmicro products

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@074824 by Jake Anderson

flavicon
face
See thats why there is this thing called patching.

No firewall, no AV, 3x win3k computers, perminant connection, no viruses.
Ever.
(and yes I run symantecs AV over them oence a month or so)


{Original Message removed}

2003\08\25@101232 by Herbert Graf

flavicon
face
> I wrote that yesterday afternoon.  I came in this morning and there were 8
> separate virus messages waiting for me.  They all appeared to be the same
> one with a .PIF file attached.  I guess this thing is really getting
> around.

       You know, I haven't gotten a SINGLE one yet, why aren't I special! :) TTYL

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@103554 by Sabachka

flavicon
face
On Mon, Aug 25, 2003 at 08:12:57AM -0500, Dave VanHorn wrote:
> >I wrote that yesterday afternoon.  I came in this morning and there were 8
> >separate virus messages waiting for me.  They all appeared to be the same
> >one with a .PIF file attached.  I guess this thing is really getting
> >around.
>
> Only eight? you must live in a cave! :)
>
> They seem as dangerous to me as the light grenades in "mom and dad save the
> world".

Those were the ones that said "pick me up" on the top of them, right?

I've not recieved a single copy of this virus thingy yet! I also still
only get about 1 or 2 spam emails a day, as well. I've gone through a
fair bit of work to keep it that way, as well, however. I still am
surprised about recieving no copies of the virus yet, however.

--
.....sabachka-piclistKILLspamspam.....oddmagic.net

Rule the Empire through force.
       -- Shogun Tokugawa

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@104421 by Dave VanHorn

flavicon
face
>
> > Only eight? you must live in a cave! :)
> >
> > They seem as dangerous to me as the light grenades in "mom and dad save the
> > world".
>
>Those were the ones that said "pick me up" on the top of them, right?

Yes :)  these don't even usually say "click on me"

>I've not recieved a single copy of this virus thingy yet! I also still
>only get about 1 or 2 spam emails a day, as well. I've gone through a
>fair bit of work to keep it that way, as well, however. I still am
>surprised about recieving no copies of the virus yet, however.

I wish!   I used to have a microsoft cordless phone, which was great, it
would even read me my email.
unfortunately, it would only read me my inbox, which is where all the spam
ends up.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@110517 by James Newton, webhost

face picon face
source= http://www.piclist.com/piclist/2003/08/25/025641a.txt?

Wouter, thanks for changeing the tag.


---
James Newton: PICList.com webmaster, former Admin #3
EraseMEjamesnewtonspam_OUTspamTakeThisOuTpiclist.com  1-619-652-0593 phone
http://www.piclist.com/member/JMN-EFP-786
PIC/PICList FAQ: http://www.piclist.com

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@143236 by Gaston Gagnon

face
flavicon
face
>> Bob Ammerman wrote:
>> This is true, but only if you stupidly leave the default setting for
'Show
>> extensions of known file types' as false.
>> That is a VERY dangerous things to do!
>
>Alexandre Souza wrote:
>  No, my computer is configured to show extensions...

Alexandre I did your test: create a file named z.txt, rename it to
z.txt.pif and it shows z.txt. More when I click on it I get the message:
"z.txt.pif is not a valid win32 application".

I use win2000 and the Files Options "Hide the known extension files" is
not selected !!!!!

I'm stunned :-o

What else could be wrong ?

Gaston

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@173300 by Jon Jenkins

flavicon
picon face
part 1 1577 bytes content-type:text/plain; charset=us-ascii; format=flowed (decoded 7bit)

Olin for goodness sake you are simply wrong
Have a look at the enclosed screen shot
from XP.

1: See the file called test.txt.mpg.pif in Ztree

2: See the setting in "View": NO HIDING ANYTHING

3: See the file name in Explorer: NO PIF!!

This is what I tried to tell Olin and others.
There are various ways of hiding extensions
with Windows and it DOES NOT SHOW YOU WHAT
THEY ARE.

jon




--On Monday, August 25, 2003 1:08 PM -0400 Gaston Gagnon
<gaston.gagnonspamspam_OUTVIDEOTRON.CA> wrote:

{Quote hidden}

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads




part 2 20541 bytes content-type:image/gif; name=screen.gif (decode)

2003\08\25@214046 by Gaston Gagnon

face
flavicon
face
Gaston Gagnon wrote:

{Quote hidden}

Thanks to Dal Wheeler. The .pif extensions are not hidden anymore.

Gaston

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\26@022942 by Bob Axtell

face picon face
I lost the train of this. HOW did you get the PIF extension to display on
Win2000?
I've been sitting on the edge of my seat...

--Bob


At 09:41 PM 8/25/2003 -0400, you wrote:
{Quote hidden}

--------------
Bob Axtell
PIC Hardware & Firmware Dev
Tucson, AZ
1-512-219-2363

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

2003\08\26@040647 by Picdude

flavicon
face
Been a while since I've used email on Winxxx, but couldn't you highlight the name in the email and view properties or something similar?  And if you decide to open it, doesn't it bring up a dialog box asking if you want to open file "filename.ext1.ext2" ?

Cheers,
-Neil.



On Tuesday 26 August 2003 01:28, Bob Axtell scribbled:
{Quote hidden}

---
[This E-mail scanned for viruses]

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

2003\08\26@113747 by Gaston Gagnon

face
flavicon
face
-Bob Axtell wrote:
> I lost the train of this. HOW did you get the PIF extension to display on
> Win2000?
> I've been sitting on the edge of my seat...

Read Dal Wheeler's message dated 2003-08-25 13:45 and follow the link.

-Sorry, the following comment was not written by Alexandre Souza but by
Bob Ammerman
> This is true, but only if you stupidly leave the default setting for
> 'Show extensions of known file types' as false.
> That is a VERY dangerous things to do!

-Alexandre Souza answered:
> No, my computer is configured to show extensions...

-Gaston Gagnon wrote:
> I did your test: create a file named z.txt, rename it to z.txt.pif and
> it shows z.txt. More when I click on it I get the message: "z.txt.pif is
> not a valid win32 application".
>
> I use win2000 and the Files Options "Hide the known extension files" is
> not selected !!!!!
> I'm stunned :-o
> What else could be wrong ?

-After making the corrections, Gaston Gagnon wrote:
> Thanks to Dal Wheeler. The .pif extensions are not hidden anymore.

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

2003\08\26@115158 by Paul Hutchinson

flavicon
face
The following Microsoft page has a good explanation of the NeverShowExt and
AlwaysShowExt registry keys.
msdn.microsoft.com/msdnmag/issues/1100/Registry/
About halfway down the page, the paragraph "Working with File Types". There
is also a good illustration of the downside to forcing some extensions to
display (ugly Start Menu & Desktop).

Hope this helps,
Paul

>-----Original Message-----
>[@spam@PICLISTKILLspamspamMITVMA.MIT.EDU]On Behalf Of Bob Axtell
>Sent: Tuesday, August 26, 2003 2:28 AM
>
>I lost the train of this. HOW did you get the PIF extension to display on
>Win2000?
>I've been sitting on the edge of my seat...
>
>--Bob

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

2003\08\26@120356 by Alan B. Pearce

face picon face
> I lost the train of this. HOW did you get the PIF extension to display on
> Win2000?
> I've been sitting on the edge of my seat...

Following on from what Gaston wrote, IIRC there is still a bug in the way M$
"shows" extensions though, as illustrated by the screen shot that someone
posted. If you have enough "extensions" to a file name (about 3 or 4 IIRC)
then the last one can still be hidden, which is what still fools some
people, even when the "hide known extensions" is unchecked. For some reason
Windows gives up if there are enough full stops in the file name for it to
stop counting.

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

2003\08\26@122511 by Gaston Gagnon

face
flavicon
face
Bob Axtell wrote:
>I lost the train of this. HOW did you get the PIF extension to display on
>Win2000?
>I've been sitting on the edge of my seat...

Alan B. Pearce wrote:
> Following on from what Gaston wrote, IIRC there is still a bug in the way M$
> "shows" extensions though, as illustrated by the screen shot that someone
> posted. If you have enough "extensions" to a file name (about 3 or 4 IIRC)
> then the last one can still be hidden, which is what still fools some
> people, even when the "hide known extensions" is unchecked. For some reason
> Windows gives up if there are enough full stops in the file name for it to
> stop counting.


I just tried it with x.txt.txt.txt.<~50 times .txt>.pif and every one of
them including .pif showed up on my desktop.
Gaston

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

2003\08\26@122926 by Dal Wheeler

flavicon
face
No that's not all of it.  There are also a few reserved extensions that are
NOT affected by the file options menu, these extensions are treated
differently (whether they are multiple extensions or just one).  Having
multiple extensions allows the last one to be hidden so the user if they
aren't careful can be fooled into believing it is a different type.  The pif
extension in question can be made visible by removing a registry setting for
pif files.

Given the problematic nature of email attachements one would have thought
that MS would have shown the full file name in Outlook/OE, regardless of
system settings.  It's difficult to expect users to be more responsible if
they are not provided with the proper tooling / or the tools are
inconsistant (although I don't see a need to be able to open an attachement
directly from the email client).  I think, as with most things, a bit of
paranoia is a good thing; don't trust that MS is completely consistant with
the system settings.

http://www.antichip.org/virusinfo/extensions.html

{Original Message removed}

2003\08\26@122927 by Alan B. Pearce

face picon face
>I just tried it with x.txt.txt.txt.<~50 times .txt>.pif and
>every one of them including .pif showed up on my desktop.

OK, maybe they have fixed it with a patch then, or maybe it was just a
problem within Outlook or Outlook Express, but I do remember it as being a
problem at one stage.

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics

More... (looser matching)
- Last day of these posts
- In 2003 , 2004 only
- Today
- New search...