«

I see someone has sent me a .zip file which contains a .pif file
which undoubredly comtains something that is not going to do
my PC any good were it executed.

Checking on McAfee I find it is

W32/Sobig.e@MM.

"This variant is similar to W32/Sobig.d@MM. The worm propagates via
email and over network shares. It contains its own SMTP engine for
constructing outgoing messages.

The virus is sent in a ZIP archive, allowing it to bypass extension
blocking rules. However, this requires the end user to perform extra
steps in order to actually execute the virus."

But they wil, l and it also propagates via Network shares so beware !

**** is about to happen.


--
Jim Watt http://www.gibnet.com

"Jim Watt" <> wrote in message
news:...
> I see someone has sent me a .zip file which contains a .pif file
> which undoubredly comtains something that is not going to do
> my PC any good were it executed.
>
> Checking on McAfee I find it is
>
> W32/Sobig.e@MM.
>
> "This variant is similar to W32/Sobig.d@MM. The worm propagates via
> email and over network shares. It contains its own SMTP engine for
> constructing outgoing messages.
>
> The virus is sent in a ZIP archive, allowing it to bypass extension
> blocking rules. However, this requires the end user to perform extra
> steps in order to actually execute the virus."
>
> But they wil, l and it also propagates via Network shares so beware !
>
> **** is about to happen.
>
>
> --
> Jim Watt http://www.gibnet.com


Fortunately there are mail filtering applications (e.g.. Elron Software
Message Inspector and/or Anti-Virus) capable of examining and if necessary
blocking such attachments. Even if the file's extension has been changed.


--
Best regards,
Don Kelloway
Commodon Communications

Visit http://www.commodon.com to learn about the "Threats to Your Security
on the Internet".

On Thu, 26 Jun 2003 05:22:17 GMT, "Don Kelloway"
<> wrote:

>"Jim Watt" <> wrote in message
>news:.. .
>> I see someone has sent me a .zip file which contains a .pif file
>> which undoubredly comtains something that is not going to do
>> my PC any good were it executed.
>>
>> Checking on McAfee I find it is
>>
>> W32/Sobig.e@MM.
>>
>> "This variant is similar to W32/Sobig.d@MM. The worm propagates via
>> email and over network shares. It contains its own SMTP engine for
>> constructing outgoing messages.
>>
>> The virus is sent in a ZIP archive, allowing it to bypass extension
>> blocking rules. However, this requires the end user to perform extra
>> steps in order to actually execute the virus."
>>
>> But they wil, l and it also propagates via Network shares so beware !
>>
>> **** is about to happen.
>>
>>
>> --
>> Jim Watt http://www.gibnet.com
>
>
>Fortunately there are mail filtering applications (e.g.. Elron Software
>Message Inspector and/or Anti-Virus) capable of examining and if necessary
>blocking such attachments. Even if the file's extension has been changed.

Its not that the extension has been changed, its really a .zip file

However, you are right, the best point of defense is at the mail
server.
--
Jim Watt http://www.gibnet.com