General discussion


we got some new threats, ever seen any of these?

By misscrf ·
one was our_secret.exe
another was an email titled FW: mailing error
Inside was a zip titled ""
inside that was a .pif file titled
"Winzipped-Text_Data.txt .pif"

Never heard of them, can't find them anywhere and Norton nor our firewall is catching them.

Any thoughts?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Try the following

by j.lupo In reply to we got some new threats, ... which lists a lot of hoaxes. If they are hoaxes, they would be listed here.

BTW: I would not have opened any of files. You may have infected your system. Never open something you don't recognize.

Collapse -

I never worry about that stuff

by DC_GUY In reply to we got some new threats, ...

It doesn't seem to be a problem with OS/X Panther.

Not because there aren't enough of us to interest the hackers, but because Panther is not a serially patched seven-year-old OS with seven-year-old defects that are still not fixed.

No, I'm not an Apple employee. Just one of the 5.9 billion people on this planet who DON'T enjoy having to learn to be a software mechanic just to get my computer to work most of the time.

Collapse -

I don't worry either

by Roger99a In reply to I never worry about that ...

I have a mail gateway that drops all those file types before they get to the mail server. Why do you need to get pif files in your email anyway?

Collapse -

New Virus

by jdmercha In reply to we got some new threats, ...

From Trend Micro:

Dear Trend Micro customer,

As of May 2, 2005, 11:50 AM (Pacific Daylight Time/GMT -7:00), TrendLabs
has declared a Medium Risk Virus Alert to control the spread of
WORM_SOBER.S. TrendLabs has received numerous infection reports indicating
that this malware is spreading in Germany and the U.S.A.

This worm spreads by mass-mailing copies of itself using its own SMTP
(Simple Mail Transfer Protocol) engine. It gathers its target recipients
from files with certain extensions names. Notably, it avoids sending
messages to addresses that contain specific strings. Using social
engineering techniques, it sends out an email supposedly sent by the soccer
organization FIFA, informing recipients that they have won tickets for the
upcoming FIFA World Cup 2006 in Germany.

The email it sends out has the following details:

From: (any of the following)
. Admin
. hostmaster
. info
. postmaster
. register
. service
. webmaster

Subject: (any of the following German subjects)
. Glueckwunsch: Ihr WM Ticket
. Ich bin's, was zum lachen
. Ihr Passwort
. Ihre E-Mail wurde verweigert
. Mail-Fehler!*
. WM Ticket Verlosung*WM-Ticket-Auslosung

(or any of the following English subjects)
. Re:
. Your Password
. Registration Confirmation
. Your email was blocked
. mailing error

Message body: (any of the following)

. Passwort und Benutzer-Informationen befinden sich in der beigefuegten
Anlage. *-* http://www.
*-* MailTo: PasswordHelp

. Diese E-Mail wurde automatisch erzeugt
Mehr Information finden Sie unter http://www.

. Folgende Fehler sind aufgetreten:

. Fehler konnte nicht Explicit ermittelt werden

. End Transmission

. Aus Datenschutzrechtlichen Gruenden, muss die vollstaendige E-Mail incl.
Daten gezippt & angehaengt werden. Wir bitten Sie, dieses zu

. Auto ReMailer# [

. Nun sieh dir das mal an!
Was ein Ferkel ....

. Herzlichen Glueckwunsch,
--- FIFA-Pressekontakt:
ok ok ok,,,,, here is it
r die 64 Spiele der Weltmeisterschaft 2006 in Deutschland sind Sie dabei.
Weitere Details ihrer Daten entnehmen Sie bitte dem Anhang.
St. Rainer Gellhaus
--- Pressesprecher Jens Grittner und Gerd Graus
--- FIFA Fussball-Weltmeisterschaft 2006
--- Organisationskomitee Deutschland
--- Tel. 069 / 2006 - 2600

. Account and Password Information are attached!
Visit: http://www.

. AntiVirus Service
**** WebSite: .

Attachment: (any of the following)

TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 171
Official Pattern Release 2.611.00
Damage Cleanup Template 588

For more information on WORM_SOBER.S, you can visit our Web site at:

You can modify subscription settings for Trend Micro newsletters at:

TrendLabs will also be releasing a 3-digit pattern file 992 that
corresponds with the pattern indicated in this

email. This 3-digit pattern is a special release for users running non-NPF
compliant products (i.e., old 3-digit

pattern format) and is designed to provide protection against the most
current malware threats. Users running

non-NPF compliant products are still urged to apply the NPF solution

<>. These users may
also upgrade to the latest product

version. Only NPF-compliant products will be able to update with regular
pattern releases.

This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact (TM).

To unsubscribe from Trend Micro's Newsletters Editor:

To update your subscription preference, or to change your email address:

To view our permission marketing policy:
Copyright 1989-2005 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

Related Discussions

Related Forums