
Massive new Windows virus attack, set to target SCO: MyDoom

Discussion in 'MacBytes.com News Discussion' started by MacBytes, Jan 26, 2004.

  1. macrumors bot

    #1
  2. macrumors 68000

    #2
    Holy Mary I have this virus sitting in my Yahoo! inbox at this very instant.

    Thank God I have a Mac!



    ::whew::
     
  3. macrumors 6502a

    DreaminDirector

    #3
    another?!?!

    My god, the Windows people have been getting hammered with viruses lately... what's up with that?
     
  4. macrumors G5

    nagromme

    #4
    This virus works TWO ways

    I've been getting a steady 10+ copies an hour, and increasing. Worse than any previous virus--except that the file size is thankfully smaller than some.

    We can't get viruses but we can still suffer when Windows folks stuff our mail with them!

    Edit: this virus does something NEW, to me:

    It does not JUST send to and from emails harvested from files on PCs. It ALSO sends using MADE-UP "From" addresses at real domains--just like spammers do. Emails pretending to be from John@mydomain.com, say, when there is no John.

    Result: the REAL owner of mydomain.com gets back an error message when/if the destination (are some of those made up too?) fails. That error contains the virus and clogs email even WORSE than a normal virus.

    I am getting a ton of "returned undeliverable" messages from ISPs, thinking my site sent the email--when in fact the From address was a pure fake. Just great.

    And I know this virus fakes mail-error subjects too--that's not what I'm talking about. I'm getting REAL errors back from the virus attempting a bad address.

    I don't see how this helps the virus spread that much, but it DOES clog the 'net worse than ever.
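
The bounce flood described in post #4 can be triaged on the receiving side. This is an added example, not part of the original thread: it assumes the site keeps a log of the Message-IDs it really sent and that the bounce returns the refused message as a `message/rfc822` part; `SENT_IDS`, `classify_bounce`, `make_bounce`, and all sample addresses other than the post's mydomain.com are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: the site logs the Message-ID of every message it really sends.
SENT_IDS = {"<20040126.0001@mydomain.com>"}   # constructed log entry

def classify_bounce(raw: str, sent_ids=SENT_IDS) -> str:
    """Triage a bounce: 'genuine', 'backscatter', 'backscatter+attachment' or 'unknown'."""
    msg = message_from_string(raw, policy=policy.default)
    returned = None
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            returned = part.get_payload(0)      # the message the remote server refused
            break
    if returned is None:
        return "unknown"                        # no returned copy to check
    msg_id = (returned["Message-ID"] or "").strip()
    if msg_id in sent_ids:
        return "genuine"                        # we sent it, so the bounce is ours to read
    # Forged From at our domain: we never sent this. Discard it, and never open
    # attachments carried inside the returned copy.
    has_file = any(True for _ in returned.iter_attachments())
    return "backscatter+attachment" if has_file else "backscatter"

def make_bounce(orig_id: str, attach: bool) -> str:
    """Constructed bounce: a notice from a fictional ISP wrapping the refused message."""
    orig = EmailMessage()
    orig["From"], orig["To"] = "John@mydomain.com", "nobody@isp.example"
    orig["Message-ID"] = orig_id
    orig.set_content("test")
    if attach:
        orig.add_attachment(b"constructed bytes", maintype="application",
                            subtype="octet-stream", filename="document.pif")
    dsn = EmailMessage()
    dsn["From"], dsn["To"] = "MAILER-DAEMON@isp.example", "John@mydomain.com"
    dsn["Subject"] = "Returned mail: user unknown"
    dsn.set_content("The following message could not be delivered.")
    dsn.add_attachment(orig)                    # becomes a message/rfc822 part
    return dsn.as_string()

if __name__ == "__main__":
    print(classify_bounce(make_bounce("<20040126.0001@mydomain.com>", False)))
    print(classify_bounce(make_bounce("<abc123@forged.example>", True)))
```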
     
  5. macrumors G5

    nagromme

    #5
    Wow what a nightmare

    This virus does more than just target SCO on Feb 1. CNN has been updated:

    "When loaded, some versions of the worm launch Notepad and show random characters. At the same time it replicates itself and installs a "keystroke" program that allows a hacker to break in and record everything being typed, including passwords and credit card numbers."

    Not to mention that Windows viruses can already read from files stored on the HD (which is how they harvest email addresses from documents, NOT just address book data). And then you have MS Office and Word, secretly UN-deleting erased files and cache data and embedding the data invisibly at the end of documents, where viruses--or anyone who receives your Office documents--can now easily access what you thought was gone. http://www.macintouch.com/o98security.html (This problem is NOT specific to Mac Office 98--it's in other versions and on PC too. I wish I knew if v.X was "safe" or not.)

    The article mentions two other new Windows viruses out now too--so far, less serious ones.
     
  6. Moderator

    Nermal

    Staff Member

    #6
    Ah, the missing piece of the puzzle.

    My mum got a message today saying that the file she sent to person X contained a virus. But she hadn't sent any files to that person. It seems that person Y, who had both my mum and person X in their address book, is infected with this virus.

    It gave me a bit of a fright though, mum's running Norton, which came bundled with the computer. I promptly removed Norton and installed a "real" virus scanner :)
     
  7. Moderator emeritus

    edesignuk

    #7
    Well, Symantec Antivirus 8.1 Corporate Edition hasn't done me wrong yet, let's hope it stays that way, it checks for updates and automatically installs them every night anyway.
     
  8. macrumors 6502a

    Sabenth

    #8
    So far so good, nothing hit me :) PC or Mac, though this one does concern me a bit..
     
  9. macrumors 65816

    #9
    Heard some insider info.

    It targets SCO, but it's more or less the big virus that MS said couldn't happen.

    This is the first-strike salvo against MS from the virus underground. Which is related to groups MS and the FBI recently targeted with their money for virus programmer tips.

    3-4 altered ver. of this virus are now being released into the wild.
     
  10. pEZ
    macrumors 6502

    #10
    I actually just got a couple of these e-mails over the past few days. The first was claiming that I had to run an attached executable document in order for my PayPal account to not be terminated. Ha. And yesterday, I got this funky e-mail with "cgnzzqew" as the subject from uwmadison@admissions.wisc.edu (I go to school at the UW), where in the body all it said was "test" with a .pif file along with it. I love my Mac.

    By the way, what exactly is a .pif file? Like what would it normally be on a Windows machine?
     
  11. Moderator emeritus

    edesignuk

    #11
    .pif :D
     
  12. macrumors 65816

    Photorun

    #12
    Phaw, if it only affects peecee users screw 'em, it's their stupid fault to be using peecees.
     
  13. macrumors 603

    Dont Hurt Me

    #13
    Meanwhile Bill Gates is saying we have the most secure OS in the world and Blah Blah Blah. I wonder if they believe anything that comes out of their own mouths?
     
  14. macrumors 65816

    1macker1

    #14
    If a person is dumb enough to open something from a total stranger, then it's their fault. All OS are vulnerable to stupidity.
     
  15. macrumors 65816

    billyboy

    #15
    But it is sooo tempting just to have a peek at something you know instinctively you shouldn't.

    I'm more annoyed that this binary attachment thing got through my junk filter into my In box - Windows users can keep their viruses, but please, leave my mailbox out of it!
     
  16. macrumors 65816

    #16
    wowsa... that explains the urgent email that was sent down through our company telling us we weren't supposed to read any email today until we had updated our virus defs...

    matt
     
  17. macrumors 6502

    #17
    I find it pretty ironic (or at least damn funny) that Bill Gates was just recently (today even?) slamming Mac, Linux etc. about security while PC users are getting hit by yet another Windows virus. While the rest of us using our *horribly insecure* OS's get away again with no danger to our systems at all.
     
  18. Moderator emeritus

    Rower_CPU

    #18
    Not all of them are sent from strangers.

    Stupid is as the OS allows you to do. ;)
     
  19. macrumors 68040

    shamino

    #19
    PIF files

    PIF stands for Program Information File. It is a file whose format dates all the way back to the days of Windows 1.0. It contains the information that Windows needs in order to launch an MS-DOS program. It contains things like the program's filename, command-line arguments, and parameters for the DOS box (virtual memory, video settings, etc.) that may be needed to launch it.

    When you double-click a PIF file, the associated DOS program is launched with all the parameters contained in the PIF.

    Since the introduction of Win95, PIF files are seen by Explorer (that is, the desktop) as shortcuts that point to applications. They are effectively the same as the .lnk files that are created today when you create shortcuts to console applications.

    They are popular for virus-writers because a PIF file contains no executable content (and therefore no virus code), but they can contain command-lines that can direct Windows to do real damage. For instance, one may contain the "FORMAT" command with appropriate options to erase your hard drive, or it may contain an "OPEN" command that launches Internet Explorer with a malicious web page. :eek:
     
  20. macrumors regular

    #20
    Re: PIF files

    MS Internet Explorer used to have a malfeature where it would recognize and run an executable file even if it had a non-.EXE extension. Combined with MS Outlook's original behavior of passing attached .PIFs and .SCRs etc. to IE without so much as an eyeblink, Windows viruses and trojan horses were easy.

    It's evident that there are plenty of old Windows systems out there that still do this.
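
A mail-gateway check for the attachment tricks discussed in posts #19 and #20, as an added example that is not part of the original thread. It flags launchable extensions such as .pif and .scr and also looks at the first bytes of the content, so an executable hidden behind a non-.exe name is caught; `RISKY_EXT`, `inspect_attachments`, `build_sample` and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows treats as directly launchable (the thread names .pif and .scr;
# the others are well-known members of the same family).
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".lnk"}

def inspect_attachments(raw: bytes):
    """Return a list of (filename, reasons) for attachments a gateway should quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        lower = name.lower()
        data = part.get_payload(decode=True) or b""
        ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
        reasons = []
        if ext in RISKY_EXT:
            reasons.append("launchable extension " + ext)
        # DOS/PE executables start with "MZ" whatever the file is called.
        if data[:2] == b"MZ" and ext != ".exe":
            reasons.append("executable content behind a non-.exe name")
        # "document.txt.pif" displays as "document.txt" when known extensions are hidden.
        if lower.count(".") >= 2 and ext in RISKY_EXT:
            reasons.append("double extension")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: an MZ stub named .jpg, a .pif, and a harmless text file."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "john@example.com", "user@example.org", "test"
    m.set_content("test")
    m.add_attachment(b"MZ\x90\x00 constructed stub, not a real program",
                     maintype="application", subtype="octet-stream", filename="photo.jpg")
    m.add_attachment(b"constructed shortcut bytes",
                     maintype="application", subtype="octet-stream", filename="document.txt.pif")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in inspect_attachments(build_sample()):
        print(name, "->", "; ".join(reasons))
```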
     
