Virus going around


Ruin

I've gotten two e-mails today (one from rocky@ghostrecon.net and one from ben@bencummings.net) that contained a .pif file.

AFAIK this is a virus file and hotmail did NOT pick it up. They're both around 100K each, so be wary.

The two files are:

document_9446.pif

document_all.pif

So be careful; both of them have this text in the message:

See the attached file for details

Also, I keep getting a lot of Mail Delivery Notification System ones with 100K attachments. Ones I know I did NOT send.

I just got one from deep6@thecombatzone.com

Here's the info:

From :  Mail Delivery System <Mailer-Daemon@host.amslanta.com>

To :  therealruin@hotmail.com

Subject :  Mail delivery failed: returning message to sender

Date :  Tue, 19 Aug 2003 16:09:57 -0400

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its

recipients. This is a permanent error. The following address(es) failed:

  deep6@thecombatzone.net

    This message has been rejected because it has

    a potentially executable attachment "wicked_scr.scr"

    This form of attachment has been used by

    recent viruses or other malware.

    If you meant to send this file then please

    package it up as a zip file and resend it.

Link to comment
Share on other sites

Yeah, it's a relatively new worm, the W32.Sobig.f

Properties of the email it sends

-Subjectfield:

Re: Thank you!, or;

Re: Details

Re: Re: My details

Re: Approved

Re: Your application

Re: Wicked screensaver

Re: That movie

-Message;

See the attached file for details

Please see the attached file for details

-Name attachment:

your_document.pif, or:

document_all.pif

thank_you.pif

your_details.pif

details.pif

document_9446.pif

application.pif

wicked_scr.scr

movie0045.pif

Edit; when you find "WINSTT32.DAT" and "WINPPR32.EXE" on local disks you're infected.

Got information on a Dutch site, but if you google on the worm's name, you sure will find it. It isn't a dangerous one, but it is a pain ITA.

Be careful with all self-executable attachments, even if your hotmail filter lets it through.

Edited by BlueRose_76
Link to comment
Share on other sites
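
The indicators listed in the post above (subject lines, message text, .pif/.scr attachment names) can be turned into a mail-filter check like the gateway rejection quoted in the first post. This is an added example, not part of the original thread; the function names, addresses and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the post above (Sobig.F subject lines and message text).
SUBJECTS = {"re: thank you!", "re: details", "re: re: my details", "re: approved",
            "re: your application", "re: wicked screensaver", "re: that movie"}
BODIES = {"see the attached file for details",
          "please see the attached file for details"}
BLOCKED_EXTS = (".pif", ".scr")  # attachment types named in the thread

def _norm(text):
    """Collapse whitespace and lowercase so header folding does not matter."""
    return " ".join(str(text).split()).lower()

def check_message(raw):
    """Return the list of indicators that a raw RFC 822 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if _norm(msg.get("Subject", "")) in SUBJECTS:
        findings.append("subject")
    for part in msg.walk():
        # Windows ignores trailing dots and spaces, so strip them before testing.
        name = (part.get_filename() or "").lower().rstrip(". ")
        if name.endswith(BLOCKED_EXTS):
            findings.append("attachment:" + name)
        elif not name and part.get_content_type() == "text/plain":
            if _norm(part.get_content()) in BODIES:
                findings.append("body")
    return findings

def _sample(subject, body, filename=None):
    """Build a constructed test message; the attachment bytes are inert."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(check_message(_sample("Re: Details", "See the attached file for details",
                                "document_9446.pif")))
    print(check_message(_sample("Holiday photos", "Pictures attached", "beach.jpg")))
```

The extension test is the reliable part, since it also catches names such as `invoice.txt.pif`; the subject and body strings only match this one variant's wording.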

More of what BlueRose is talking about;

New Computer Virus Clogs E-Mail Inboxes

NEW YORK - A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide Tuesday morning, causing fresh annoyance to users worn out by last week's outbreak of the Blaster worm.

The new virus, named "Sobig.F" by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims' PCs into senders of spam e-mail.

MessageLabs Inc., a company that filters e-mail for corporations, had blocked more than 100,000 copies of Sobig.F by midday Tuesday, making it by far the most active virus of the day.

"It's definitely spreading very quickly, just an incredible ramp-up so far this morning," said Brian Czarny, marketing director at MessageLabs. The variant is likely to be one of the more successful versions of a very successful virus strain, he said.

The previous Sobig.A and Sobig.B variants are both on MessageLabs' list of the biggest 10 e-mail viruses of all time.

The e-mail message that carries Sobig.F has the subject line "Re: Details" and the message "Please see attached file for details." If a recipient clicks on the attachment, which can have multiple names ending in the .pif file extension, the computer will be infected.

The virus will then send itself out to names found in the victim's address book and will use one of these names to forge a return address. As such, the infected party may not quickly learn of the infection, while an innocent party may get the blame for helping to propagate it.

Like all the other Sobig viruses, this version is programmed to self-destruct after two weeks, in this case on Sept. 10.

The Blaster worm is still at large. It uses a published flaw in Microsoft's Windows operating systems to spread via network connections, without using e-mail. It slowed down the Internet and caused computer restarts worldwide, but the attack it was programmed to carry out against a Microsoft Web site on Saturday proved harmless.

So far I got this virus 2 times today.

Thank goodness I always get rid of all my emails in the bulk folder without opening them.

Link to comment
Share on other sites

DO NOT OPEN ATTACHMENTS YOU DON'T KNOW WHERE THEY CAME FROM ! ! PLEASE ! !

It will be a nightmare for you if you do.

Best advice anyone can give.

I currently DO NOT open any emails if I don't know who they are from. I also get around 220-300 emails a day. :blink:

Because someone sold my info. <_<

Out of the almost 300 daily emails there are sometimes around a dozen that contain viruses. It's gotten to the point where I check my email and empty the whole thing without even looking through them.

Link to comment
Share on other sites

Since my last post at around 18:52 where I had received 13 of these things, I have received 37 more of these viruses in my email box. This s**t is p*ssing me off big time. What's wrong with these assh*les?

@Zantar

I pull around 200 or more a day myself.

So far, I have received 50 of these d*mn things today. 50 ! ! Boy, what I wouldn't give to hang these b*stards out to dry ! !

Link to comment
Share on other sites

I got 13 in the past 7 hours.

Don't get injured or sick in the UK!! Where my dad works (undisclosed Hospital in the UK) all the computers in the hospital have now been down for 24hrs!! :(

Link to comment
Share on other sites

just wanted to post a little warning to be careful what you open, i rarely send email to anyone, mostly it is used just for the forum reply notifications sent by this site and agr-s.com, this morning i received 5 email messages that were caught by NORTON AV, all 5 had viruses in them, one was in Spanish, man even viruses are becoming bi-lingual, anyway one of the main reasons that i am posting in here is because one of them mentioned The Platoon, one or two said they were returned because of a virus found, others said the recipient had no room in their storage box, and one that the address didn't exist, i don't know if these messages were sent to me from another computer putting my address as the orig sender as a trick, or if somehow someone used my email address as the sender and these are legit returns of the virus, anyway i have scanned my pc and it is clean...so just a heads up, if for some strange reason u don't have an AV that scans your email, be wary of returned messages, be sure you have sent email recently before u open it, the headers read something like..."Mail Delivery Subsystem" or "Mail Delivery System" or "Mail Administrator" and the one in Spanish read "Postmaster@sion.com", one was returned by AOL who i have no one in my address book with an AOL address and another from "tropicalfishstore.com" I DON'T HAVE ANY FISH!!! and of course there was the one from "support@theplatoon.com"....so just a lil heads up that someone has been busy... :nono:

EDIT: this was originally its own topic so if it seems repetitive, sorry, but i am leaving it as a source of more info on the topic... :ph34r:

Edited by ~NkOgNiTo~
Link to comment
Share on other sites

oh, sorry, haven't noticed it <_<

but two warnmessages are better than one :rocky:

Link to comment
Share on other sites

Yup - 24 nonsense mails all infected - to my work addy.

Pain in the ###### looking thru them for the one useful email that I was after!

Looks like we all take the brunt.

Someone should write a mod based on some cyber-terrorists in a compound...armed with pea shooters...and the ghosts get to go in....

Hackers Hell or something like that...let us pop a few caps in the backsides of these computer nerd #### (use the imagination for suitable derogatory nomenclature ;) )

Edited for inappropriate content. -SOTOPhantm

Would make me feel better anyway.

Any takers?

Edited by Syncopator
Link to comment
Share on other sites

What a great idea! Someone should do that :lol:

I've got two more 'Mail Delivery Subsystem' e-mails within 4hrs :angry:

:nono:

Link to comment
Share on other sites

Removed the ###### :o= .

With THIS little free AVscanner from Grisoft.

It's a decent FREE AV scanner and remover. Need to activate it through email. :thumbsup:

BTW, I don't think the virus installs by clicking on the *.pif attachments. I recommend, even if you have not even opened an infected mail like I did, to scan.

Good Luck

BlueRose_76

Link to comment
Share on other sites

Watch it. The Sobig.F also installs WITHOUT clicking the attachment.

When you view attachments in a preview window, for example if an attached jpg appears under the message field, it will install too. Recommend to trash all mail immediately with:

Re: Thank you!

Re: Details

Re: Re: My details

Re: Approved

Re: Your application

Re: Wicked screensaver

Re: That movie

in subjectfield when received.

Link to comment
Share on other sites

Wow..that's odd. I just checked my email (scan all incoming with Norton anyways) and I got three of these infected emails. I mean it's odd that after checking it then firing up my homepage this is the first thing I see. My buddy sent me an email from his work and it was infected. New virus definitions were available today from Symantec too.

Link to comment
Share on other sites
