Virus Threat: Round Two

[Mark Henri]

I'm getting multiple emails with an PIF attachment like this--

thank_you.pif
details.pif
your_details.pif
etc

When I opened them in a binary editor they have windows api calls in them.
Has anyone else seen them? Is this round two of the MSBlast.exe? Or
simply an unrelated/opportunistic attack?

Mark Henri

 

[Mark Henri]

Nevermind, it's just WORM_SOBIG.E

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.
E

 

[Ben W]

It was just doscovered today....

http://vil.nai.com/vil/content/v_100561.htm

 

[Marc Liron]

This is a NEW mass mailing worm, details in this
informative article:

http://www.updatexp.com/sobig-worm-f.html

UPDATE your antivirus now - and do not open the
attachments....

Marc Liron
www.updatexp.com