Email account utilization warning.

Sergey 'DoubleF' Zaharchenko doublef at tele-kom.ru
Wed Mar 3 06:36:54 PST 2004


On 02 Mar 2004 22:53:49 -0500
Mike Jeays <Mike.Jeays at rogers.com> probably wrote:

> PIF files are Windows Program Information Files, dating from the days of
> Windows 3.1.  I am surprised they still work - but it seems that they
> do. They have executable content, and are now being used to spread
> malicious software.

Just for the sake of correctness...

Physically, real PIFs have no more executable content than something
between a binary data file and a soft link. But Windows thinks that
they can be `executed' (that was necessary to make them usable as
links, I guess), which is quite enough - when the loader analyzes the
file, it understands it's not a PIF but an EXE format executable
from the magic number and runs it.

Some olden virus-writers probably think that if one masquerades an
.exe as .pif, some olden antiviruses won't find them :). They are
making progress: the virus is about 25% smaller than its .C
predecessor:))))

P.S. And nobody even cared to remove staff@ from CC:)

-- 
DoubleF
Cloning is the sincerest form of flattery.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040303/f1ba225a/attachment.bin


More information about the freebsd-questions mailing list