Massive new Windows virus attack, set to target SCO: MyDoom

Discussion in ' News Discussion' started by MacBytes, Jan 26, 2004.

  1. sethypoo macrumors 68000

    Oct 8, 2003
    Sacramento, CA, USA
    Holy Mary I have this virus sitting in my Yahoo! inbox at this very instant.

    Thank God I have a Mac!

  2. DreaminDirector macrumors 6502a


    Sep 3, 2002
    Ladera Ranch, CA

    My god, the windows people have been getting hammered with Viruses lately... what's up with that?
  3. nagromme macrumors G5


    May 2, 2002
    This virus works TWO ways

    I've been getting a steady 10+ copies an hour, and increasing. Worse than any previous virus--except that the file size is thankfully smaller than some.

    We can't get viruses but we can still suffer when Windows folks stuff our mail with them!

    Edit: this virus does something NEW, to me:

    It does not JUST send to and from emails harvested from files on PCs. It ALSO sends using MADE-UP "From" addresses at real domains--just like spammers do. Emails pretending to be from, say, when there is no John.

    Result: the REAL owner of gets back an error message when/if the destination (are some of those made up too?) fails. That error contains the virus and clogs email even WORSE than a normal virus.

    I am getting a ton of "returned undeliverable" messages from ISPs, thinking my site sent the email--when in fact the From address was a pure fake. Just great.

    And I know this virus fakes mail-error subjects too--that's not what I'm talking about. I'm getting REAL errors back from the virus attempting a bad address.

    I don't see how this helps the virus spread that much, but it DOES clog the 'net worse than ever.
  4. nagromme macrumors G5


    May 2, 2002
    Wow what a nightmare

    This virus does more than just target SCO on Feb 1. CNN has been updated:

    "When loaded, some versions of the worm launch Notepad and show random characters. At the same time it replicates itself and installs a "keystroke" program that allows a hacker to break in and record everything being typed, including passwords and credit card numbers."

    Not to mention that Windows viruses can already read from files stored on the HD (which is how they harvest email addresses from documents, NOT just address book data). And then you have MS Office and Word, secretly UN-deleting erased files and cache data and embedding the data invisibly at the end of documents, where viruses--or anyone who receives your Office documents--can now easily access what you thought was gone. (This problem is NOT specific to Mac Office 98--it's in other versions and on PC too. I wish I knew if v.X was "safe" or not.)

    The article mentions two other new Windows viruses out now too--so far, less serious ones.
  5. Nermal Moderator


    Staff Member

    Dec 7, 2002
    New Zealand
    Ah, the missing piece of the puzzle.

    My mum got a message today saying that the file she sent to person X contained a virus. But she hadn't sent any files to that person. It seems that person Y, who had both my mum and person X in their address book, is infected with this virus.

    It gave me a bit of a fright though, mum's running Norton, which came bundled with the computer. I promptly removed Norton and installed a "real" virus scanner :)
  6. edesignuk Moderator emeritus


    Mar 25, 2002
    London, England
    Well, Symantec Antivirus 8.1 Corporate Edition hasn't done me wrong yet, let's hope it stays that way, it checks for updates and automatically installs them every night anyway.
  7. Sabenth macrumors 6502a


    Jan 24, 2003
    So far so good, nothing hit me :) PC or Mac, though this one does concern me a bit.
  8. ITR 81 macrumors 65816

    Oct 24, 2003
    Heard some insider info.

    It targets SCO, but more or less it's the big virus that MS said couldn't happen.

    This is the first strike salvo against MS from the virus underground. Which is related to groups MS and the FBI recently targeted with their money for virus programmer tips.

    3-4 altered ver. of this virus are now being released into the wild.
  9. pEZ macrumors 6502

    Feb 2, 2003
    Madison, Wisconsin
    I actually just got a couple of these e-mails over the past few days. The first was claiming that I had to run an attached executable document in order for my PayPal account to not be terminated. Ha. And yesterday, I got this funky e-mail with "cgnzzqew" as the subject from (I go to school at the UW), where in the body all it said was "test" with a .pif file along with it. I love my Mac.

    By the way, what exactly is a .pif file? Like what would it normally be on a Windows machine?
  10. edesignuk Moderator emeritus


    Mar 25, 2002
    London, England
    .pif :D
  11. Photorun macrumors 65816


    Sep 1, 2003
    Phaw, if it only affects peecee users screw 'em, it's their stupid fault to be using peecees.
  12. Dont Hurt Me macrumors 603

    Dec 21, 2002
    Yahooville S.C.
    Meanwhile Bill Gates is saying we have the most secure OS in the world and Blah Blah Blah. I wonder if they believe anything that comes out of their own mouths?
  13. 1macker1 macrumors 65816


    Oct 9, 2003
    A Higher Level
    If a person is dumb enough to open something from a total stranger, then it's their fault. All OS are vulnerable to stupidity.
  14. billyboy macrumors 65816


    Mar 15, 2003
    In my head
    But it is sooo tempting just to have a peek at something you know instinctively you shouldn't.

    I'm more annoyed that this binary attachment thing got through my junk filter into my In box - Windows users can keep their viruses, but please, leave my mailbox out of it!
  15. mkaake macrumors 65816

    Apr 10, 2003
    wowsa... that explains the urgent email that was sent down through our company telling us we weren't supposed to read any email today until we had updated our virus defs...

  16. beg_ne macrumors 6502

    Jul 3, 2003
    I find it pretty ironic (or at least damn funny) that Bill Gates was just recently (today even?) slamming Mac, linux etc. about security while PC users are getting hit by yet another windows virus. While the rest of us using our *horribly insecure* OS's get away again with no danger to our systems at all.
  17. Rower_CPU Moderator emeritus


    Oct 5, 2001
    San Diego, CA
    Not all of them are sent from strangers.

    Stupid is as the OS allows you to do. ;)
  18. shamino macrumors 68040


    Jan 7, 2004
    Purcellville, VA
    PIF files

    PIF stands for Program Information File. It is a file whose format dates all the way back to the days of Windows 1.0. It contains the information that Windows needs in order to launch an MS-DOS program. It contains things like the program's filename, command-line arguments, and parameters for the DOS box (virtual memory, video settings, etc.) that may be needed to launch it.

    When you double-click a PIF file, the associated DOS program is launched with all the parameters contained in the PIF.

    Since the introduction of Win95, PIF files are seen by Explorer (that is, the desktop) as shortcuts that point to applications. They are effectively the same as the .lnk files that are created today when you create shortcuts to console applications.

    They are popular for virus-writers because a PIF file contains no executable content (and therefore no virus code), but they can contain command-lines that can direct Windows to do real damage. For instance, one may contain the "FORMAT" command with appropriate options to erase your hard drive, or it may contain an "OPEN" command that launches Internet Explorer with a malicious web page. :eek:
  19. Qunchuy macrumors regular

    Jul 17, 2002
    Re: PIF files

    MS Internet Explorer used to have a malfeature where it would recognize and run an executable file even if it had a non-.EXE extension. Combined with MS Outlook's original behavior of passing attached .PIFs and .SCRs etc. to IE without so much as an eyeblink, Windows viruses and trojan horses were easy.

    It's evident that there are plenty of old Windows systems out there that still do this.
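
Added example, not part of any post in this thread: a mail-gateway check for the two attachment traits the last two posts describe, a launchable extension such as .pif or .scr, and executable content carried under a non-.EXE name. The messages and bytes are constructed test data; the extension set beyond .pif and .scr and the reason labels are assumptions of this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows launches directly. .pif and .scr are the two named in
# the thread; the rest of the set is an assumption of this example.
LAUNCHABLE = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}


def build_sample(filename, payload):
    """Build a constructed one-attachment message (test data, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "test"
    msg.set_content("test")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def inspect_attachments(raw):
    """Return [(filename, [reasons])] for attachments a gateway should hold."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        reasons = []
        if ext in LAUNCHABLE:
            reasons.append("launchable-extension")
        # DOS/Windows executables begin with the bytes "MZ"; seeing them under
        # any other extension means the name does not describe the content.
        if data[:2] == b"MZ" and ext != ".exe":
            reasons.append("executable-content-under-other-extension")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    fake_exe = b"MZ" + b"\x00" * 62  # constructed header bytes, not a program
    for fname, body in [("document.pif", fake_exe), ("photo.jpg", fake_exe),
                        ("notes.txt", b"plain text")]:
        print(fname, inspect_attachments(build_sample(fname, body)))
```

Checking the decoded bytes as well as the name matters because the behaviour described in the last post keyed on content, so a filter that looks only at extensions misses a renamed executable.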
