Searching \ for '[PIC:] WARNING: Dangerous PIF attachement in email' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/microchip/devices.htm?key=pic
Search entire site for: 'WARNING: Dangerous PIF attachement in email'.

Exact match. Not showing close matches.
PICList Thread
'[PIC:] WARNING: Dangerous PIF attachement in email'
2003\08\24@174741 by Jon Jenkins

flavicon
picon face
People

I have just received an "Mail Delivery Failure" notification
which is a fake. The mail is accompanied by an PIF attachement
which is very dangerous and is not detected by the latest
version of virus scanners or the latest MS patches.

This email was traced back to the MINERVA IP and thence
to someone in NZ.

Luckily I use Mulberry as a mail client and was able to
intercept it.

If you get an email with this header then do not click
on it, delete it without opening the main email.

jon

--
http://www.piclist.com hint: To leave the PICList
spam_OUTpiclist-unsubscribe-requestTakeThisOuTspammitvma.mit.edu

2003\08\24@175820 by Dave VanHorn

flavicon
face
>
>Luckily I use Mulberry as a mail client and was able to intercept it.

What's the big deal?  Just don't open unexpected attachments.

--
http://www.piclist.com hint: To leave the PICList
.....piclist-unsubscribe-requestKILLspamspam@spam@mitvma.mit.edu

2003\08\24@201010 by Jon Jenkins

flavicon
picon face
--On Sunday, August 24, 2003 4:57 PM -0500 Dave VanHorn
<dvanhornspamKILLspamCEDAR.NET> wrote:

>>
>> Luckily I use Mulberry as a mail client and was able to intercept it.
>
> What's the big deal?  Just don't open unexpected attachments.

0: because it looks very genuine

1: because it is not detected by latest virus scanner

2: because if you use MS outlook or outlook express
  it will be opened and run automatically!

jon

--
http://www.piclist.com hint: To leave the PICList
.....piclist-unsubscribe-requestKILLspamspam.....mitvma.mit.edu

2003\08\24@202249 by Dave VanHorn

flavicon
face
>
>0: because it looks very genuine

No it dosen't.

>1: because it is not detected by latest virus scanner

Not necessary.
I don't need to know if the spider in the jar is poisonous, if I'm never
going to open the jar.

>2: because if you use MS outlook or outlook express
>   it will be opened and run automatically!

Highly doubtful, but I don't run those programs anyway.
Eudora does not automatically open attachments.
No sane email program would.

--
http://www.piclist.com hint: To leave the PICList
EraseMEpiclist-unsubscribe-requestspam_OUTspamTakeThisOuTmitvma.mit.edu

2003\08\24@213253 by Olin Lathrop

face picon face
>> What's the big deal?  Just don't open unexpected attachments.
>
> 0: because it looks very genuine

A genuine what?  Any .PIF attachment is pretty much guaranteed to be a
virus.  Just don't open attachments unless they are a file type that can't
hurt you (like .JPG, .GIF, .TXT, etc).  A .PIF definitely CAN hurt you,
which is about the only reason they are sent via email.

> 1: because it is not detected by latest virus scanner

Virus scanners are worse than useless because of exactly this excuse.  At
best, they can only tell you about viruses they already know about.  At
worst they let a variant slip thru, mess up your system, and give you a
false sense of security.

I guess they are better than nothing for complete idiots, but common sense
is far better than any virus scanner.

> 2: because if you use MS outlook or outlook express
>    it will be opened and run automatically!

No, it won't.  You have to take explicit action to "open" an attachment.
MSO/E does display the contents of some types of image file attachments in
line, but these image files only contain data and no executable information
and are therefore safe.

I get about 3-5 viruses per week, and frankly they're pretty easy to spot.


*****************************************************************
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com

--
http://www.piclist.com hint: To leave the PICList
piclist-unsubscribe-requestspamspam_OUTmitvma.mit.edu

2003\08\24@214123 by Sean Alcorn - PIC Stuff

flavicon
face
On Monday, Aug 25, 2003, at 11:32 Australia/Sydney, Olin Lathrop wrote:

> I get about 3-5 viruses per week, and frankly they're pretty easy to
> spot.

Agreed. Powerful thing that delete key! :-)

Sean

--
http://www.piclist.com hint: To leave the PICList
@spam@piclist-unsubscribe-requestKILLspamspammitvma.mit.edu

2003\08\24@225223 by Alexandre Souza

flavicon
face
> A genuine what?  Any .PIF attachment is pretty much guaranteed to be a
> virus.  Just don't open attachments unless they are a file type that can't
> hurt you (like .JPG, .GIF, .TXT, etc).  A .PIF definitely CAN hurt you,
> which is about the only reason they are sent via email.

   Olin, it seems incredible, but if you put a file like
"dangerouspayload.gif.pif" the outlook will show you as
"dangerouspayload.gif"...

   Don't you believe?

   1 - Create a new text file. Something like "new text file.txt"
   2 - Rename it to "new text file.txt.pif"
   3 - IT WILL SHOW ON YOUR DESKTOP AS "new text file.txt" BUT WILL BE A
.PIF FILE!!!!

   Not to be wrong, I just did it here, and of course, AVG didn't let me
attach it to a mail (to myself) thinking it was a virus (after all, this is
a very common procedure for a virus)

> Virus scanners are worse than useless because of exactly this excuse.  At
> best, they can only tell you about viruses they already know about.  At
> worst they let a variant slip thru, mess up your system, and give you a
> false sense of security.

   AVG never let anything come to my system. It is updated daily (sometimes
more than once) and NEVER EVER got anything, everything was blocked by it.

> I guess they are better than nothing for complete idiots, but common sense
> is far better than any virus scanner.

   Do agree with you, but two locks are better than one in 90% of
happenings ;o)

> No, it won't.  You have to take explicit action to "open" an attachment.
> MSO/E does display the contents of some types of image file attachments in
> line, but these image files only contain data and no executable
information
> and are therefore safe.

   Yes, it will. A bad intetioned HTML code can open a file and you will
not even know it...Take a look on some HTML virus reports. Of course you can
configure your outlook NOT to do that, but this is not the default.
Microsoft security, of course.

   Greetz from Brazil!
   Alexandre Souza
   http://www.pinball-taito.com.br


---

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/03

--
http://www.piclist.com hint: To leave the PICList
KILLspampiclist-unsubscribe-requestKILLspamspammitvma.mit.edu

2003\08\24@225850 by Dave VanHorn

flavicon
face
>
>     Olin, it seems incredible, but if you put a file like
>"dangerouspayload.gif.pif" the outlook will show you as
>"dangerouspayload.gif"...
>
>     Don't you believe?

So don't use outlook?
Eudora shows it as .gif.pif.

I get several every hour.


>     Yes, it will. A bad intetioned HTML code can open a file and you will
>not even know it...Take a look on some HTML virus reports. Of course you can
>configure your outlook NOT to do that, but this is not the default.
>Microsoft security, of course.

Another non problem in eudora.

--
http://www.piclist.com hint: To leave the PICList
RemoveMEpiclist-unsubscribe-requestTakeThisOuTspammitvma.mit.edu

2003\08\24@232624 by Bob Ammerman

picon face
>     Olin, it seems incredible, but if you put a file like
> "dangerouspayload.gif.pif" the outlook will show you as
> "dangerouspayload.gif"...
>
>     Don't you believe?
>
>     1 - Create a new text file. Something like "new text file.txt"
>     2 - Rename it to "new text file.txt.pif"
>     3 - IT WILL SHOW ON YOUR DESKTOP AS "new text file.txt" BUT WILL BE A
> .PIF FILE!!!!
>

This is true, but only if you stupidly leave the default setting for 'Show
extensions of known file types' as false.

That is a VERY dangerous things to do!

Bob Ammerman
RAm Systems

--
http://www.piclist.com hint: To leave the PICList
spamBeGonepiclist-unsubscribe-requestspamBeGonespammitvma.mit.edu

2003\08\24@233041 by David Duffy

flavicon
face
Alexandre Souza wrote:

>>A genuine what?  Any .PIF attachment is pretty much guaranteed to be a
>>virus.  Just don't open attachments unless they are a file type that can't
>>hurt you (like .JPG, .GIF, .TXT, etc).  A .PIF definitely CAN hurt you,
>>which is about the only reason they are sent via email.
>>
>>
>
>    Olin, it seems incredible, but if you put a file like
>"dangerouspayload.gif.pif" the outlook will show you as
>"dangerouspayload.gif"...
>
>    Don't you believe?
>
>    1 - Create a new text file. Something like "new text file.txt"
>    2 - Rename it to "new text file.txt.pif"
>    3 - IT WILL SHOW ON YOUR DESKTOP AS "new text file.txt" BUT WILL BE A
>.PIF FILE!!!!
>
>
Only if you have "don't show extensions for known file types" turned on.
It's on by default when you load Windows - I always change it.
You've just shown the exact reason not to leave it that way. :-)
David...

--
___________________________________________
David Duffy        Audio Visual Devices P/L
U8, 9-11 Trade St, Cleveland 4163 Australia
Ph: +61 7 38210362   Fax: +61 7 38210281
New Web: http://www.audiovisualdevices.com.au
___________________________________________

--
http://www.piclist.com hint: To leave the PICList
TakeThisOuTpiclist-unsubscribe-requestEraseMEspamspam_OUTmitvma.mit.edu

2003\08\25@020130 by Wouter van Ooijen

face picon face
>     1 - Create a new text file. Something like "new text file.txt"
>     2 - Rename it to "new text file.txt.pif"
>     3 - IT WILL SHOW ON YOUR DESKTOP AS "new text file.txt"
> BUT WILL BE A
> .PIF FILE!!!!

On my desktop it shows as "new text file.txt.pif", as IMHO it should.
You probably have the "hide extension" feature active, which is IMHO a
bad thing (haveing it active, that is. The fact that this feature exists
at all is much worse.)

Wouter van Ooijen

-- -------------------------------------------
Van Ooijen Technische Informatica: http://www.voti.nl
consultancy, development, PICmicro products

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@024813 by

picon face
Desktop ?
The interesting thing is how it's shown in Outlook, not ?
Or is Outlook also using the "hide file extenstions" setting ?

Jan-Erik.

> On my desktop it shows as "new text file.txt.pif", as IMHO it should.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@032830 by David Duffy

flavicon
face
Jan-Erik Söderholm XA (TN/PAC) wrote:

>Desktop ?
>The interesting thing is how it's shown in Outlook, not ?
>Or is Outlook also using the "hide file extenstions" setting ?
>  
>
Yes. Anything that uses the Windows shell will behave the same.
David...

-- ___________________________________________
David Duffy        Audio Visual Devices P/L
U8, 9-11 Trade St, Cleveland 4163 Australia
Ph: +61 7 38210362   Fax: +61 7 38210281
New Web: http://www.audiovisualdevices.com.au
___________________________________________

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@080108 by Olin Lathrop
face picon face
>> I get about 3-5 viruses per week, and frankly they're pretty easy to
>> spot.
>
> Agreed. Powerful thing that delete key! :-)

I wrote that yesterday afternoon.  I came in this morning and there were 8
separate virus messages waiting for me.  They all appeared to be the same
one with a .PIF file attached.  I guess this thing is really getting
around.


*****************************************************************
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@085203 by Alexandre Souza

flavicon
face
> This is true, but only if you stupidly leave the default setting for 'Show
> extensions of known file types' as false.
> That is a VERY dangerous things to do!

   No, my computer is configured to show extensions...


---

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/03

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@091450 by Dave VanHorn

flavicon
face
>
>I wrote that yesterday afternoon.  I came in this morning and there were 8
>separate virus messages waiting for me.  They all appeared to be the same
>one with a .PIF file attached.  I guess this thing is really getting
>around.

Only eight? you must live in a cave! :)

They seem as dangerous to me as the light grenades in "mom and dad save the
world".

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@093113 by Olin Lathrop

face picon face
>     Olin, it seems incredible, but if you put a file like
> "dangerouspayload.gif.pif" the outlook will show you as
> "dangerouspayload.gif"...

Only if you have Windows (this has nothing to do with Outlook) set to
"hide known file types" or something like that.  That is an extremely
dangerous setting and it's totally irresponsible of Microsoft to set it as
the default.  It's one of the various things I always adjust when setting
up a Windows 2000 system.

>     AVG never let anything come to my system. It is updated daily
> (sometimes more than once) and NEVER EVER got anything, everything was
> blocked by it.

Well OK then, go ahead an open all the attachments you want!  No problem.
And I'm sure the AVG folks will personally come to your system and repair
any damage in case you got a virus before they did and were able to write
a fix for it.

>     Do agree with you, but two locks are better than one in 90% of
> happenings ;o)

That would be true if virus scanners were otherwise benign.  Unfortunately
they have to get into the system deeply and intercept things between
programs to do their job.  As a result they have various undesirable side
effects (how often have you seen software installation instructions tell
you to disable all virus software first?).


*****************************************************************
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@093958 by Alexandre Souza

flavicon
face
> Only if you have Windows (this has nothing to do with Outlook) set to
> "hide known file types" or something like that.  That is an extremely
> dangerous setting and it's totally irresponsible of Microsoft to set it as
> the default.  It's one of the various things I always adjust when setting
> up a Windows 2000 system.

   Strange is: I use windows 98 and has this setting to "show all file
types" or something like this. This is one of the first things I do when I
install win98.

> Well OK then, go ahead an open all the attachments you want!  No problem.
> And I'm sure the AVG folks will personally come to your system and repair
> any damage in case you got a virus before they did and were able to write
> a fix for it.

   I don't use to open attachments, even when .JPG or .GIF, thanks ;o)

> That would be true if virus scanners were otherwise benign.  Unfortunately
> they have to get into the system deeply and intercept things between
> programs to do their job.  As a result they have various undesirable side
> effects (how often have you seen software installation instructions tell
> you to disable all virus software first?).

   Yep, but AVG never did me any knowledgeable harm...


---

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/03

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@101234 by Herbert Graf

flavicon
face
> That would be true if virus scanners were otherwise benign.  Unfortunately
> they have to get into the system deeply and intercept things between
> programs to do their job.  As a result they have various undesirable side
> effects (how often have you seen software installation instructions tell
> you to disable all virus software first?).

       Agreed, which is why I only let a virus scanner do what it did 5 years ago:
scan files when I want it to. No virus scanner runs resident on my system,
it is only invoked when I MANUALLY run it. Most of the problems I've dealt
with on people's systems, that were not hardware related, were related,
either directly or indirectly, to a piece of virus software doing something
it shouldn't. TTYL

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@130816 by Gaston Gagnon

face
flavicon
face
Alexandre Souza wrote:
>>This is true, but only if you stupidly leave the default setting for 'Show
>>extensions of known file types' as false.
>>That is a VERY dangerous things to do!
>
>
>     No, my computer is configured to show extensions...


I did your test: create a file named z.txt, rename it to z.txt.pif and
it shows z.txt. More when I click on it I get the message: "z.txt.pif is
not a valid win32 application".

I use win2000 and the Files Options "Hide the known extension files" is
not selected !!!!!

I'm stunned :-o

What else could be wrong ?

Gaston

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@151632 by Peter L. Peres

picon face
1. I am subscribed to piclist digests and I have never, ever seen ONE
virus transit the listserv. Therefore any virus you ever saw 'from the
piclist' was actually sent with a faked header, and was NOT from the
piclist. James can confirm this easily, since he is archiving the list.

2. If Olin says he sees 4-5 a week it makes me wonder what his wonderful
system makes of the remaining 5-6 a DAY that should be going through it
(based on what others and I see).  It would be too good to hope that his
wonderful system just deletes them silently.

good luck Olin,

Peter

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@153710 by Igor Pokorny

flavicon
face
Hello Peter,
my provider have done such service for me for a couple of years. Being
anoying  to save any exe, pps etc file to my temporary directory, rename it
to see what is send to me i resigned from its service. I use a program that
is upraded twice a week - till now I haven't had any problem with viruses...
The last one was erased from my Emails a couple times every day.

Regards

Igor

{Original Message removed}

2003\08\25@154917 by Dave VanHorn

flavicon
face
>
>2. If Olin says he sees 4-5 a week it makes me wonder what his wonderful
>system makes of the remaining 5-6 a DAY that should be going through it
>(based on what others and I see).  It would be too good to hope that his
>wonderful system just deletes them silently.

I probably get 5-6 an hour, or thereabouts.
I just delete them.
There's a bunch of virii in my attachment directory, awaiting the big
flush, but since I have no problem of disk space, and they're about as
dangerous as a light grenade, I haven't gotten around to it recently.

I did get virused ONCE, using eudora.  I clicked on the attachment.
In my own defence, I was deathly ill with pancreatitis, and the morphine
drip wasn't doing my critical thinking any good.

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads

2003\08\25@160956 by Tony Harris

flavicon
face
Yup, and I've also noticed that some of these new wonderful virus' are using
other peoples email addresses to send out the virus.  I've checked my
computer many times and don't have the virus, yet someone on one of the
lists I'm on does have one of these current virus' and it is "borrowing" my
IP address.

Happened to a friend of mine too, tracked it down to a comcast IP address
that time.

Makes one almost want to just use a throwaway email address when crap like
this happens.

-Tony
----- Original Message -----
From: "Igor Pokorny" <RemoveMEigorpspamTakeThisOuTAPPLET.CZ>
To: <PICLISTEraseMEspam.....MITVMA.MIT.EDU>
Sent: Monday, August 25, 2003 2:36 PM
Subject: Re: [PIC:] WARNING: Dangerous PIF attachement in email from PIC
list


> Hello Peter,
> my provider have done such service for me for a couple of years. Being
> anoying  to save any exe, pps etc file to my temporary directory, rename
it
> to see what is send to me i resigned from its service. I use a program
that
> is upraded twice a week - till now I haven't had any problem with
viruses...
> The last one was erased from my Emails a couple times every day.
>
> Regards
>
> Igor
>
> {Original Message removed}

2003\08\25@162513 by tim_webb

flavicon
face
I have been getting about 150 emails a day from the virus and not one email was from anybody that I know.  And about once an hour, I get an email that appears like I sent it but it came back as undeliverable.  I checked my computer with the latest anti-virus and scanned all drives and no virus was detected.

{Original Message removed}

2003\08\27@121603 by Peter L. Peres

picon face
> I have been getting about 150 emails a day from the virus and not one
> email was from anybody that I know.  And about once an hour, I get an
> email that appears like I sent it but it came back as undeliverable.  I
> checked my computer with the latest anti-virus and scanned all drives
> and no virus was detected.

Don't worry I got several of those too, some apparently sent by me. I
traced the origin to a server in .kr and sent a love letter to the
relevant admin. The latest virus is really bad. Also which pos thing pings
everything in sight all the time ? My firewall logs are chock full of
pings (one ping per origin ip).

Peter

--
http://www.piclist.com hint: The PICList is archived three different
ways.  See http://www.piclist.com/#archives for details.

More... (looser matching)
- Last day of these posts
- In 2003 , 2004 only
- Today
- New search...