.pif file email woes

[weirdami]

I just got an email with a "www.amiga.com" address. It has a file called "your_text.pif", the message says only "Your document is attached.", and the subject is "Re: Your text". I'm sure it's one of those lame virus things, but my question is, how come I got it? AI has that particular address and so does AO. So, either of those has a virus? I'm guessing because I never give out that particular address and it's strangely coincidental that it's amiga related. Who else would know about my Amiga-ness :-), and how would they know it AND have access to my never given out (except for AI, AO) address.

What gives?

I think I saw a post on here from Wayne saying AO has no viruses, so does AI have one? Did I miss an entire thread on this and so am behind the curve?

[redrumloa]

Whaever you do don't launch a .pif file!

[weirdami]

Whaever you do don't launch a .pif file!

I didn't. It is a harmful to Windows machines type thing? It's one file-type I've never heard of, I don't think.

[redrumloa]

I didn't. It is a harmful to Windows machines type thing? It's one file-type I've never heard of, I don't think.

Exactly, it's some sort of dangerous executable. I'm not entirely familiar with the format, but I do know it is as dangerous as an *.exe on a Windows box.

[Waccoon]

PIF stands for "Program Information File", and basicly contains low-level information for launching MS-DOS files.  Unlike INF files, PIFs are obsolete.  I don't know of any modern program that uses them.

Actually e-mail viruses are just EXE files renamed to PIF, so the OS will treat them differently.

Unfortunately, viruses can also spoof e-mail addresses, so it almost never comes from where it says it does.  I get viruses from my friends' e-mails, yet they all tell me they don't have viruses (any smart Windoze person has Norton).

[Kent]

weirdami wrote:
I just got an email with a "www.amiga.com" address. It has a file called "your_text.pif", the message says only "Your document is attached.", and the subject is "Re: Your text". I'm sure it's one of those lame virus things, but my question is, how come I got it? AI has that particular address and so does AO. So, either of those has a virus? I'm guessing because I never give out that particular address and it's strangely coincidental that it's amiga related. Who else would know about my Amiga-ness :-), and how would they know it AND have access to my never given out (except for AI, AO) address.

What gives?

I got an email like that just the other day to my email server.  I was alerted to a new email with a somewhat hokey attachment matching a windows executable mimetype.  I took a look at the source of it considering it was on a BSD box.  The other person who knew about the domain couldn't have been infected (he runs Amigas only).  I traced the "received" headers and found it was from a computer system off the cox network in northern maryland, where the person who supposedly sent it was from northern Illinois on a different network.  The virus takes domains of email addresses from the infected computer system's "address book" and builds new, sometimes fake, email addresses randomly spewing its pif file in hopes of infecting others.  From what I could tell, it spits out a new random email address once every 30 seconds.

My recommendations:
Don't use anything Outlook for email, instead find a system that works with pop accounts either online or through a system without windows.  If you can, deny all attachments, even from friends and use web hosted email addresses for all attachments.  Don't allow html email messages, you can easily create viruses in html using an iframe with embeded objects in the resulting frame.  If someone (not a news service or bot) uses html email messages, replace all < with "& lt;" (remove the space) and send it back asking for regular text.

:pint:

[weirdami]

I just got about 6 more of those .pif emails. That bit about random email addresses is apparent I guess since now the "www" from "www.amiga.com" is missing on them. I'm still wondering how "amiga" comes into play at all. If AI doesn't have a virus, maybe there's something to do with months ago using my AO forwarding address on ebay. I must have forgotten to email through ebay itself once and used my actual email account to reply to a buyer and now they've got a virus. Ugh. :-( One wonders why it's amiga.com and not amiga.org, though. Too bad the version of Pine I'm using for some reason no longer has a view-full-headers command, so I can't check where these things are really coming from.

:idea: Perhaps one day, computers (at least, the Internet capable ones) will require a license before buying, and to get the license, you have to take a Germany-long (or was that France?) licensing class. Seems like that would eliminate lots of these problems with email viruses and things because people would be wise to them. The problem with that idea, though, is that I'd be against it in principle. :-/ Let's just hope that new email system that's supposed to be in the works (the one that thwarts spoofing) finally comes out...and works.

Sigh.   :roll: