think i just got sent a MAC virus

Discussion in 'Mac Help/Questions and Tips' started by robotjustin, Jun 17, 2004.

  1. robotjustin macrumors newbie

    Joined:
    Sep 4, 2003
    #1
    Got a weird email from "karenheston@mac.com"

    Here's a screenshot of what was inside.

    Well, that didn't work.

    I get virus-lookin emails often, but this is the first .mac I've seen.

    Don't know what a .pif file is, tho, or if it would run on an Apple.

    Any ideas?

    :confused: :confused: :confused: [​IMG]
     

    Attached Files:

  2. applemacdude macrumors 68040

    applemacdude

    Joined:
    Mar 26, 2001
    Location:
    Over The Rainbow
  3. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #3
    The .pif file format is a Windows program information file. There have been a few Windows viruses using those, but it's not a Mac (it's not MAC) virus.
     
  4. jxyama macrumors 68040

    jxyama

    Joined:
    Apr 3, 2003
    #4
    almost all virus emails spoof the sender name. so having the email come from a .Mac address doesn't mean it's a Mac virus.
     
  5. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #5
    Mostly files with .pif extensions are Windows files that are used to run MS-DOS programs. IIRC, when you run an MS-DOS program and change the window preferences (like which screen height the DOS prompt opens up as, full screen, etc) then Windows automatically creates a .PIF file, and in the future you double click it instead of the program.

    But I guess just cuz it comes from a .mac doesn't mean it was generated by a mac. EDIT: oops, like JXYama said, its most likely a spoof address. Does sound like its a PC virus though. :(
     
  6. robotjustin thread starter macrumors newbie

    Joined:
    Sep 4, 2003
    #6
    Junk mail

    Well, that's good.

    But now all .mac emails go into junk folder!

    Bastards!
     
  7. rainman::|:| macrumors 603

    rainman::|:|

    Joined:
    Feb 2, 2002
    Location:
    iowa
    #7
    Umm, there are a lot of people who actually use them... Just let your junk mail filter do it's job, if you're using OS X... If not, get a big-boy OS, switch to Mail.app, and train it for a while-- before long you'll never see files like this...

    paul
     
  8. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #8
    Just as a semi-OT, what's considered "a while"? Mail.app still seems to be getting steadily better but I've been training it for a couple weeks and it still seems to make surprising errors, like those "free prescription drugs" e-mails are still getting through. :(

    Also does Mail continue to train when its in the productive mode (with a Trash folder)?
     
  9. King Cobra macrumors 603

    Joined:
    Mar 2, 2002
    #9
    This is the only known virus for Mac OS X out there: http://www.funmac.com/showthread.php?t=6300

    But if you read through the whole thread, you'll find out that it's not a real virus...


     
  10. themadchemist macrumors 68030

    themadchemist

    Joined:
    Jan 31, 2003
    Location:
    Chi Town
    #10
    from his screenshot, it seems clear he's using os x and, incidentally, mail, as well.
     
  11. virividox macrumors 601

    virividox

    Joined:
    Aug 19, 2003
    Location:
    Manila - Nottingham - Philadelphia - Santa Barbar
    #11
    well unless u open it under vpc then ur computer couldbe affected, but only the windows image file, not os x
     
  12. whooleytoo macrumors 603

    whooleytoo

    Joined:
    Aug 2, 2002
    Location:
    Cork, Ireland.
    #12
    It's certainly not a virus.

    jbzoller is wrong though, it doesn't need to be self-executing to be a trojan horse. It was a benign proof-of-concept trojan that a developer wrote to illustrate a vulnerability in OSX (similar to other vulnerabilities in OS9 and Windows). Intego's reporting of it was grossly irresponsible.
     
  13. themadchemist macrumors 68030

    themadchemist

    Joined:
    Jan 31, 2003
    Location:
    Chi Town
    #13
    Well, I think that only VPC would be affected, right? Unless the developer of the virus specifically had in mind some loophole between VPC and OS X, the virus should be contained within its native environment. That is, because the virus can't infect OS X, it probably shouldn't be able to do any damage outside the confines of VPC.

    Of course, I haven't used VPC much, so I don't know how much damage that could be. Does it have some AtEase-type protection, so that your system is insulated? I'm thinking that you probably couldn't do things like reformat or corrupt OS X system files from within VPC, but maybe I'm wrong.

    I suppose you could still screw with user documents.

    Of course, as a post-doc pointed out to me once, the most debilitating OS X virus would be to simply to send out a mass e-mail saying, "Hey! Check out this cool new trick I found in the terminal. Log in as root, type the following and press return."

    "The following" would be the command to reformat the hard drive. :D
     
  14. robotjustin thread starter macrumors newbie

    Joined:
    Sep 4, 2003
    #14
    junk filter

    actually, i tried to create a rule that would scan the content of the emails for .pif extensions, and route them into a virus folder, but didn't seem to want to work.

    I have been training the junk filter for awhile, but have been getting some incredibly random emails lately, (although lots are hotmail) and thhey all seem to be .pif files with some stupid invitation like "why don't you check out this file?" or "here's the file I sent you."

    Should work, but doesn't. huh :(
     
  15. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #15
    How many of the people you know use "you" or "I" or "?" in the subject? When I used to get a lot of spam, I would check for those separately.
     
  16. robotjustin thread starter macrumors newbie

    Joined:
    Sep 4, 2003
    #16
    re: I and you

    99% of mine are RE: PER OUR CONVERSATION or RE: Info or other generallly obnoxious things. Interesting how virus writers have such a head for the mundane
     
  17. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #17
    Yeah, I have yet to get even one *legitimate* offer from a Nigerian beaurocrat-in-hiding who wants to transfer a million dollars into my account to use it as a shield to protect cabinet members in his party from the ruling coalition. :D
     
  18. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #18
    That's because you are doing it wrong. If you wait for them to come to you, you'll only hear from the ones who were lucky enough to run into your e-mail address and who happen to know what a reliable partner you'd make. Instead, you've got to take action: get a Nigerian phonebook and contact each businessman in the country, looking for partners. That's how I got lots of new financial partners. They are each going to give me a share of a million dollars. I had to pay them a few fees to get the deal started, and they are taking a little longer than I expected to give me my big payback, but I'm sure the checks are in the (e-)mail. :) ;)
     

Share This Page