Our Windows Campus is Going to Crash and Burn!!
stoid
Mar 3, 2004, 01:03 PM
I see the end. It is coming. Being behind a 'million dollar firewall' here on our college campus, I haven't gotten many virus .pif attached E-mails. Yesterday, I got 12. This morning I got one from the campus server. The campus server had been spoofed overnight, and every school E-mail account received an E-mail following proper protocol saying that your computer was suspected to be infected and would you please download the attachment for more information. The attachment is a .pif file. It took the IT people 4 hours to realize what happens, and anyone who checked their E-mail this morning and didn't realize that they were downloading the virus now has it. Is this a new virus outbreak, or are we now finally getting the backwash from some earlier epidemic?
Stelliform
Mar 3, 2004, 01:08 PM
I have been fooling with Netsky (the pif one) and Bagle (the zip file one) all day (both relatively new, like in the last couple of weeks). The variants for these viruses have been hitting fast and furious. So I think we are just seeing the peak of the infection. (At least I hope it is the peak. :( )
Bagle.J variant was getting around my e-mail servers virus scan due to a delayed virus def update this morning. Luckily none of my clients opened it. (that I know of)
But basically, unless the PCs on the campus network all have antivirus installed locally, your campus IT guys are going to have a very bad day. ;)
stoid
Mar 3, 2004, 01:18 PM
At the peak of the Blaster virus late last year, it was consuming 2/3rds of the 30MB/s bandwidth routed to the campus. The only way they managed to kill it was by reformatting every HD on campus!! I wonder if it'll come to that again?
virividox
Mar 3, 2004, 01:30 PM
ouch that has gotta hurt
wouldn't wanna reformat every single computer, imagine how much time it's gonna take to get everything up and running again, ick
One of the damn liberal departments (finance, sales, or accounting) at my company got Beagle/Bagle. We all received a nice official looking e-mail saying that we all needed to download an attached encrypted .zip file. Luckily we build UNIX systems, and all but the three departments are required to use only our systems, or Macs for critical work, so the impact was light. Just imagine if we ran Windows.... Good bye *** ************, ***. (Name sanitized for security reasons, but you could figure it out if you want.)
I can see this as the demise of Windows if entire companies fold over these viruses.
TEG
johnnyjibbs
Mar 3, 2004, 05:48 PM
Ouch! My mate got an email virus on the network today but luckily the anti-virus stuff on the campus network had already picked it up and replaced the offending attachment with a warning text message. He was worried though because it said that he was going to have his email account removed if he fooled around any more on it and was told to open the attachment for information how to prevent that from happening again. Of course, it was a virus writer's trick to get him to open the attachment and nothing to do with admin whatsoever.
I've had 3 virus emails downloaded on my Mac today but, of course, I'm immune. The uni anti-virus program caught it each time though and removed the virus in each case. I guess my uni is better equipped... One day they'll realise that Macs are the way to go..
Savage Henry
Mar 3, 2004, 05:59 PM
The techie guys at my place informed me that 3 of our users were spoofed, but they were contained. We're pretty resilient otherwise to receiving viral mails, although the scanning software is working at such a rate it brings the server down to a grinding halt.
So unless your guys are savvy, and it sounds like they may not win awards, then you could be seeing the echoes of this for a long time.
Dippo
Mar 3, 2004, 08:25 PM
What's a .pif file????
I know about .exe, .com, .bat, .vbs, etc but I have never heard of .pif being an executable!
stoid
Mar 3, 2004, 09:03 PM
What's a .pif file????
I know about .exe, .com, .bat, .vbs, etc but I have never heard of .pif being an executable!
Most viruses are type .pif or .zip
MrMacMan
Mar 3, 2004, 09:12 PM
Ahh really Classy AOL...
I apparently sent myself over 124 e-mails to... myself yesterday...
Hmm this is weird...
All different types of Windows viruses ...
Blaster...Beagle...
hmmm... thats weird.
Dippo
Mar 3, 2004, 09:33 PM
Most viruses are type .pif or .zip
Okay, but will Windows execute these files?
I always use WinRar to open zip files, I never execute them...??? :confused:
yamabushi
Apr 6, 2004, 12:33 AM
Okay, but will Windows execute these files?
Yes. Simply decompressing the contents of a compressed archive can cause many viruses to execute. Others will lay dormant until executed by activating one of the contained files in some manner. This could be accomplished in a variety of ways besides clicking on the file.
5300cs
Apr 6, 2004, 01:02 AM
All these virii (?) and yet people still say Macs suck :rolleyes:
Last week I was back home in Boston cleaning my dad's 2 peecees of junk mail and virii, the whole time cursing m$'s whole empire :mad: Took a whole week to fix 2 machines
Viruses
http://www.cknow.com/ckinfo/acro_p/pif_1.shtml
SiliconAddict
Apr 6, 2004, 09:24 AM
It's called social engineering and it hit our company about 2 weeks ago. There were other offices that got a few nasty outbreaks because some incoming e-mail was addressed with the name of our company with the title saying: Warning about your e-mail account.
The body:
Dear user, the management of [insert company name here].com mailing system wants to let you know that, Your e-mail account has been temporary disabled because of unauthorized access. For more information see the attached file.
For security reasons attached file is password protected. The password is "15520".
Best wishes,
The [insert company name here].com team http://www.[insert company name here].com.com
It's a brilliant social engineering scheme since it has the company's name in the body of the message. More accurately it has the e-mail domain in the body of the message that happens to be the company name.
Consequently you have a bunch of morons who actually run the executable.
For those that are pissing on windows think about this a second. A user is running a program on the machine. This is NOT the OS's fault. This is a social engineering scheme.
Unfortunately since I'm not allowed to communicate to my customers office wide in an e-mail (At least before this outbreak.) I wasn't allowed to send out a security warning that our company does NOT distribute patches via e-mail.
Here's the thing though. We have Norton AV Corp edition and a Norton AV parent server that updates everyone's machine on an hourly basis, or whenever Norton releases a new AV definition. So our users were set to take on Beagle a few days earlier. Consequently when the morons went to run the program, Norton caught it and alerted me on my computer. Mon-Wed of that week my Norton Command Console lit up like a Christmas tree. But I can thankfully say there was not one single infection in this office of 250. As far as I'm concerned NAV is the single most important piece of software on Windows, which is sad, but until you get a user that can't be fooled by semi-official looking e-mails NAV will always be necessary, and here's the kicker. These e-mail viruses are viruses, not worms. Infection is self-inflicted by the user because they are stupid enough to run a program on their system. This would potentially work exactly the same on a Mac.
My concern is that Mac users have been lulled into a false sense of security. It's possible that at some point someone will take advantage of this and cause some major havoc with AppleScript. It hasn't happened yet mostly, I'm guessing, because Mac users aren't masochists. :p They aren't looking to take down their platform. Generally if a user is going to spend that kind of cash on a computer they are spending it because they like the platform. Windows users and Linux users have a love-hate relationship with Windows. (Not all but a lot.) We use it because it's the standard. Doesn't mean we like it. Since any teen can build a PC for a few hundred and pirate Windows from a friend it's not a good relationship going there. Also it's not as if you can run a Mac emulator on Windows or Linux. Consequently getting the environment to build a virus requires a fairly substantial investment. At minimum a few hundred off of e-bay. I highly doubt the average virus writer is going to spend money on such an endeavor. *shrugs* my .02 cents.
SiliconAddict
Apr 6, 2004, 09:33 AM
Most viruses are type .pif or .zip
Zip isn't an executable just as a txt file isn't an executable. It's an archive folder that contains the virus executable that is usually in com, pif, exe, vbs format. The intention is to trick up the virus scanning software on the mail servers. Some software, if the zip file is password protected, can't read the contents of the file and pushes it through.
Extracting the file typically does not run the file but zip files can contain instructions on what to do after it extracts the file so it could "possibly" run it.
SiliconAddict
Apr 6, 2004, 09:37 AM
What's a .pif file????
I know about .exe, .com, .bat, .vbs, etc but I have never heard of .pif being an executable!
This is why this format has become so popular to use in virus propagation. It's unknown. Another good method is .SCR a.k.a. screen savers. This is a form of executable known to the OS that is run as a screen saver. Virus writers can embed malicious code in the screen saver that can do the same thing as what a normal exe, com, etc. could do.
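The two attachment tricks described in the posts above (an executable hiding behind an unfamiliar extension such as .pif or .scr, and a password-protected .zip that the mail server's scanner cannot open) can both be caught from the headers alone before the message reaches a user. The following is an added example written for this thread, not code from any poster or product; the sample message and the tiny ZIP archives it scans are constructed inline, and the extension list is an assumption rather than a complete one.

```python
# Added example (constructed); not code from the thread or any product it names.
import email
import io
import os
import struct
import zipfile
import zlib
from email.message import EmailMessage

# Extensions Windows runs as programs; .pif and .scr are the unfamiliar ones (assumed list).
EXEC_EXTS = {".exe", ".com", ".bat", ".cmd", ".vbs", ".pif", ".scr"}

def build_stored_zip(name: bytes, data: bytes, encrypted: bool) -> bytes:
    """Constructed one-entry ZIP (stored); `encrypted` only sets header flag bit 0."""
    flag = 0x1 if encrypted else 0
    crc = zlib.crc32(data) & 0xFFFFFFFF
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flag, 0, 0, 0,
                        crc, len(data), len(data), len(name), 0) + name + data
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flag, 0, 0, 0,
                          crc, len(data), len(data), len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1, len(central), len(local), 0)
    return local + central + eocd

def scan_zip(payload: bytes):
    """Reason to hold back a .zip attachment, or None if its listing looks clean."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            infos = zf.infolist()  # central directory only; no entry is extracted
    except zipfile.BadZipFile:
        return "data with a .zip name is not a readable archive"
    if any(info.flag_bits & 0x1 for info in infos):  # bit 0 = entry is encrypted
        return "password-protected zip (gateway scanner cannot inspect contents)"
    execs = [i.filename for i in infos if os.path.splitext(i.filename.lower())[1] in EXEC_EXTS]
    if execs:
        return "zip contains executable entries: " + ", ".join(execs)
    return None

def attachment_findings(raw_message: bytes) -> list:
    """(filename, reason) for each attachment that should be stripped before delivery."""
    findings = []
    for part in email.message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name: continue  # multipart containers and the text body have no filename
        ext = os.path.splitext(name.lower())[1]  # last extension wins: info.txt.pif -> .pif
        if ext in EXEC_EXTS:
            findings.append((name, f"executable extension {ext}"))
        elif ext == ".zip":
            reason = scan_zip(part.get_payload(decode=True) or b"")
            if reason:
                findings.append((name, reason))
    return findings

def sample_message() -> bytes:
    """Constructed lure in the style quoted in this thread; not a captured sample."""
    msg = EmailMessage()
    msg["Subject"] = "Warning about your e-mail account"
    zipped = build_stored_zip(b"details.pif", b"MZ", True)  # "MZ" stands in for a program
    msg.add_attachment(zipped, maintype="application", subtype="zip", filename="details.zip")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="info.txt.pif")
    return msg.as_bytes()
```

Checking the flag bit is enough to act on an encrypted archive, since the point is precisely that no scanner can look inside it; a gateway that cannot inspect should quarantine rather than pass it through.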
tpjunkie
Apr 6, 2004, 12:10 PM
About 5 or 6 weeks ago our campus was flooded with viral email attachments; at one point I was getting over 10 a day to my campus email account, including the one you described, claiming it was from the "union.edu team".
Eventually they had to take the whole network down for a while...
Thomas Veil
Apr 6, 2004, 12:39 PM
<snip>
Good explanation.
I just got four of these e-mails, all in the same day. One of them purported to be from a friend of mine, so apparently they got into his e-mail account. Bummer.
stoid
Apr 6, 2004, 01:24 PM
For those that are pissing on windows think about this a second. A user is running a program on the machine. This is NOT the OS's fault. This is a social engineering scheme.
Granted that much of it IS social engineering, however Windows IS also inherently more vulnerable. For a virus to be able to modify and damage important system files, the Unix core of Mac OS X would require the user to enter an administration password. On Windows you only have to execute the file. It is a lot easier to convince a computer newbie to launch a file than to get them to enter in an administration password. ;)
Grimace
Apr 6, 2004, 02:27 PM
Really dumb question: If the university server were an Apple G5 server, would that have any effect? Or does it pass through to the end user no matter what - so you'd have to have all Macs to not be affected by Wintel virii?
stoid
Apr 6, 2004, 02:42 PM
A Mac will not actively participate in virus redistribution. However, a Macintosh user will receive strange 'undeliverable' E-mail returns because a compromised server may still spoof your E-mail account even without your Mac on or connected to the internet.
Correct me if I'm wrong here...
SiliconAddict
Apr 6, 2004, 02:42 PM
Really dumb question: If the university server were an Apple G5 server, would that have any effect? Or does it pass through to the end user no matter what - so you'd have to have all Macs to not be affected by Wintel virii?
It wouldn't matter. If the U was running a G5 as a mail server the best you could hope for would be that it would strip the infected attachments, or e-mails altogether, off and forward the rest of the e-mail on to the user.
That's assuming I'm understanding what you are asking. There are loads of possible e-mail and e-mail server configurations. I'm reading your post as the G5 would be the "home" mail server for all the various e-mail accounts.
SiliconAddict
Apr 6, 2004, 02:49 PM
Granted that much of it IS social engineering, however Windows IS also inherently more vulnerable. For a virus to be able to modify and damage important system files, the Unix core of Mac OS X would require the user to enter an administration password. On Windows you only have to execute the file. It is a lot easier to convince a computer newbie to launch a file than to get them to enter in an administration password. ;)
True. Windows' core problem is that by default it has zero security. That can be fixed by giving the user power user rights only, but that requires more than basic level skills and is typically above the average user. That and when set to power user you typically run into problems running programs. That's where *nix and OS X shine. The default rights are strong enough to do your typical work. MS still hasn't learned this. Wait. Oops, preaching to the choir. :p
Oh, on a side note. I just had someone come back to me yesterday about purchasing a new 17" iMac. (He had asked me last week what system I recommended. Sent him to the Apple store. Picked his system up Friday.) I've never seen anyone so excited about a computer\OS before. :)
Grimace
Apr 6, 2004, 02:52 PM
I guess what I was going for was, "If ALL of the university's servers were G5s (or G4s), would that make any difference in stopping viruses from affecting PC computers on campus?"
(Instead of replacing ALL students' computers with macs, could the servers be changed to stop the problem before it gets to the students?)
stoid
Apr 6, 2004, 03:20 PM
I guess what I was going for was, "If ALL of the university's servers were G5s (or G4s), would that make any difference in stopping viruses from affecting PC computers on campus?"
(Instead of replacing ALL students' computers with macs, could the servers be changed to stop the problem before it gets to the students?)
Unfortunately, I don't think that adding a Mac shell can protect Windows boxes. If all traffic onto the computers is channeled through a firewall on the servers, then it doesn't matter what OS they are running as long as they have comparable virus detection software.
Doctor Q
Apr 6, 2004, 08:14 PM
An e-mail server on any platform could (a) let viruses through or (b) be set up with virus filtering software. The filters could check for viruses that affect any platform, not just the platform of the mail server. (I'm not distinguishing viruses from worms in this discussion.)
Of the infected messages that do get through to your PC or Mac, (c) they could be received intact or (d) virus software on your computer could filter them out, assuming it's up to date.
Of the remaining infected messages, almost all are (e) designed to infect PCs and almost none are (f) designed to infect Macs.
Of those messages, most can't do anything unless one of these three cases applies:
(g) You open an attachment and (h) the attachment can execute code and (i) it has the ability to change or store files on your system, particularly in operating system directories.
or
(j) The virus can execute if you just VIEW the message, without having to open its attachments.
or
(k) You are somehow convinced to store the file in an operating system directory.
Windows is much more susceptible to (h) than Mac OS X because of the many executable file types (e.g., .pif files). Under Mac OS X, (i) and (k) would presumably succeed only if you entered your admin password.
I remember only one case of (j), a Subject-field buffer overflow bug in MS Outlook a few years ago. I've never heard of one for the Mac.
So, the only cases where you are in danger from e-mail on a Mac are:
(a) -> (c) -> (f) -> (g) -> (h) -> (i)
and
(a) -> (c) -> (f) -> (k)
and you are protected on many levels:
(a) won't happen if your ISP or mail admin provides filtering
(c) won't happen if you have up-to-date virus software installed
(f) and (h) are rarer for Macs
(g) and (i) and (k) can be prevented by common sense - not executing unknown programs and not entering your admin password unless you know why you are being asked for it.
Viruses don't have to travel by e-mail, of course. You can also be infected with a virus when (l) you install infected software you've downloaded, (m) you acquire and execute an infected file some other way, e.g., from P2P software or a CD-ROM, (n) another computer on your network is infected and the virus has been written so that it travels from that computer's platform to yours, or (o) a hacker gets onto your system over a network.
It's up to you to prevent (l) and (m) by installing only software from trustworthy sources. Darwin is a good base to prevent (n) and (o), and Apple does a good job providing security updates to prevent newly discovered vulnerabilities in those areas.
So, when it comes to viruses, Mac users have good reason to sleep more peacefully than Windows users.
stoid
Apr 6, 2004, 08:37 PM
Too many letters!! I got lost around (h) I think. :(
I think that you laid it out accurately though from what I grasped. :p
Steven1621
Apr 7, 2004, 12:35 AM
I love it when the PC zealots diss on the Mac for the purported lack of software. I just smile as they deal with all these viruses, but hey, Macs aren't compatible.
SiliconAddict
Apr 7, 2004, 02:39 AM
I love it when the PC zealots diss on the Mac for the purported lack of software. I just smile as they deal with all these viruses, but hey, Macs aren't compatible.
Raises hand as one of those PC users who has never gotten a virus even though he doesn't run AV software on any of his systems other than his home server.
A little built in caution, setting users rights to power user on the desktop, and a good solid firewall on every system makes all the diff in the world. with a good firewall I don't have to patch my system nearly as often as those that don't have one. Each platform be it Windows, OS X, or Linux has its strengths and weaknesses. Like it or not software IS a concern for the Mac (I still haven't found a robust piece of software that does as good of a job for GPS mapping as Microsoft MapPoint and a USB GPS unit. Something that has been a godsend on cross country trips.) Security is a concern for Windows. A crappy GUI is a concern for Linux. I've still had problems installing software in Linux. The method of installing software is still, IMHO, convoluted.
No platform is perfect and like it or not this includes Mac OS X.
Rower_CPU
Apr 7, 2004, 03:25 PM
Raises hand as one of those PC users who has never gotten a virus even though he doesn't run AV software on any of his systems other than his home server.
...
Raises hand as an IT guy on a campus where at the height of the virus/worm outbreaks last August, an un-patched/un-protected PC would be infected within 4 seconds of completing boot up.
It really depends on context. Someone on an always on connection has a far greater chance of getting hit than someone on dial-up; same thing goes for campus/business network versus home network.
I agree with the rest of your statements, however. :)
kcore
Apr 7, 2004, 04:27 PM
What's a .pif file????
I know about .exe, .com, .bat, .vbs, etc but I have never heard of .pif being an executable!
Pifs came about in Windows 3.1. They were kinda like registry settings in 3.1, little batch files for the system. Unfortunately Windows doesn't use them anymore, but forgot to code them out of the OS.
Sedulous
Apr 7, 2004, 05:31 PM
If you don't have anti-virus, how would you know that your computer has been hit? Not all viruses have a direct impact.
5300cs
Apr 7, 2004, 05:41 PM
Pifs came about in Windows 3.1. They were kinda like registry settings in 3.1, little batch files for the system. Unfortunately Windows doesn't use them anymore, but forgot to code them out of the OS.
Like the Program Manager? That was still in winME last time I checked :rolleyes:
.pif stands for Program Information File if I remember correctly.