It's a Scary Day.

Why is it a scary day? Well, I just got an email with an attachment. So? What's your point...well, a few things:

1. The email was from someone I didn't know, no biggie I get these all the time for support.
2. No subject. Well, this isn't always a problem, since I know some users just don't know that the cursor starts at the subject line 99% of the time.
3. The email said "test". Huh, now that's a bugger, I guess it worked?
4. There was an attached file, a zipped one - wow someone sent me pictures?

Well, if you haven't figured it out yet, I've finally seen something I've been dreading for the longest time: a zipped-up virus attached to an email. Why is this so important, though...it can pass through almost all server-based virus scanners scanning emails as they come across. So, as I quickly alerted my employer (who then sent out a company-wide email stating roughly the same thing), I wanted to alert the community as well. Be alarmed if you receive an email from someone you don't know that has a zipped attachment...especially if the attachment contains a .pif file.

UPDATE: CNet is reporting this virus now, be warned! (story)
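
The check the warning above implies, as an added example (not code from the original post): it opens every zip attachment in a message and reports contained files whose names end in a directly executable extension, so it does not depend on a virus signature. The addresses, file names and the extension list beyond .pif and .exe are constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will execute directly. .pif and .exe are the two named on
# this page; the rest of the set is an assumption added for the example.
RISKY_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}


def risky_zip_members(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for executable files inside zips."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Detect zips by content, not by filename or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        attachment = part.get_filename() or "(unnamed)"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for info in archive.infolist():
                    name = info.filename.lower().rstrip(". ")
                    if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
                        findings.append((attachment, info.filename))
        except zipfile.BadZipFile:
            # Unreadable archive: report it rather than let it pass unscanned.
            findings.append((attachment, "(unreadable archive)"))
    return findings


def build_sample_message(member_name: str) -> bytes:
    """Constructed test input: a 'test' email with no subject and one zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "stranger@example.com"
    msg["To"] = "me@example.com"
    msg.set_content("test")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="pictures.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for member in ("photo.jpg.pif", "message.exe", "holiday.jpg"):
        print(member, "->", risky_zip_members(build_sample_message(member)))
```
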

4 Comments

  • I got one of these today... it contained a binary .exe renamed to 'message.exe'. Don't know what the payload was, it was deleted right away.

    Travis

  • Many server-based virus scanners can handle zip files, e.g. Symantec. You often have to install the zip software so it can understand the archives, but AFAIR, pk204g.exe will work fine; otherwise download WinZip.

  • 15+ mails of these for me just today.

    Eventual ruling - block all emails with zip files.

  • True, most virus scanners do scan zip files, however, when the files contained are not infected themselves, they can continue on. In this instance, the file in the zip file was the virus executable, and was not infected with it.
