Re: attachment; filename="photo1.jpg.pif"

From: Majid Almassari (majid.almassariat_private)
Date: Tue Apr 24 2001 - 09:53:22 PDT


    .pif (Portable Interchange Format) is a shortcut to MS-DOS-based executable
    programs. It has the same effect as .exe and .bat. Most likely this is a
    Trojan such as Sub Seven.
    
    Majid Almassari
      
    -----Original Message-----
    From: Dzzie Z [mailto:dzzieat_private]
    Sent: Monday, April 23, 2001 11:39 PM
    To: INCIDENTSat_private
    Subject: attachment; filename="photo1.jpg.pif"
    
    
    hey guys
    
    today I got this mail and was wondering if anyone else
    on the lists here has gotten a similar one.
    
    I don't have the font installed for the (presumably)
    Russian txt but I find it pretty unlikely that a plain ole
    spammer would be using tricks like "photo1.jpg.pif"
    
    I peeked at the unencoded binary (60k) file, and the headers
    definitely don't look like any of the other pif files on my
    system, and they don't quite look like a c++ file either.
    I dunno. glad for text only mailers though : )
    
    anyone else seen this m/o ?
    
    contact me off list if you want
    the mimed file.
    
    
    +OK 87078 octets
    X-Apparently-To: dzzieat_private via web11102
    X-Track: 10: 40
    Received: from mx5.port.ru  (EHLO smtp5.port.ru) (194.67.23.40)
      by mta495.mail.yahoo.com with SMTP; 23 Apr 2001 22:11:39 -0700 (PDT)
    Received: from [212.96.196.64] (helo=smtp.mail.ru)
    	by smtp5.port.ru with smtp (Exim 3.14 #3)
    	id 14rv68-000EK9-00
    	for dzzieat_private; Tue, 24 Apr 2001 09:10:49 +0400
    Received: from 2-193.dialup.comset.net (2-193.dialup.comset.net
    [213.172.2.193])
    	by smtp.mail.ru (8.11.1/8.11.1) with ESMTP
    From: Света Ковалева <bipwdkrat_private>
    X-Mailer: The Bat! (v1.42f)
    X-Priority: 3 (Normal)
    To: <dzzieat_private>
    Subject: Hello!!!
    Mime-Version: 1.0
    Content-Type: multipart/mixed; boundary="----------6D16C1DFC68B15F"
    Message-Id: <E14rv68-000EK9-00at_private>
    Date: Tue, 24 Apr 2001 09:10:49 +0400
    
    ------------6D16C1DFC68B15F
    Content-Type: text/plain; charset=koi8-r
    Content-Transfer-Encoding: 8bit
    
    Hi!
    A mutual friend of ours gave me your address (the first address that came
    into his head).
    I'm new to the Internet and have only just got this mailbox!
    So this is the first time I'm writing an e-mail!!!
    He said that if I have any questions, I can ask you...
    I'm quite pretty and sociable.
    (you can look at the photo)
    I'm waiting for your reply!!!
    Write a little about yourself and what you want to know about me.
    Bye! Bye!
    :)))))))))
    ------------6D16C1DFC68B15F
    Content-Type: application/octet-stream; name="photo1.jpg.pif"
    Content-Transfer-Encoding: base64
    Content-Disposition: attachment; filename="photo1.jpg.pif"
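
A check a mail gateway or triage script could apply to the file-name trick discussed in this thread, as an added example that is not part of the original posts: it parses a raw message and flags attachment names whose final extension is executable while the one before it looks like a picture or document. The extension lists, the function names and the sample message are constructed for illustration.

```python
import email
from email import policy

# Extensions Windows runs when the file is opened (illustrative, not exhaustive).
EXECUTABLE = {"pif", "exe", "scr", "bat", "com", "cmd", "vbs", "js", "lnk"}
# Extensions a recipient would expect to be inert content.
DECOY = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf", "mp3", "avi"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so remove them before splitting.
    cleaned = filename.strip().rstrip(". ").lower()
    # Strip each component too: padding such as "jpg      .pif" hides the real suffix.
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"
    return "executable"

def scan(raw_bytes):
    """Return [(filename, verdict)] for every named part of a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.walk():
        # get_filename() reads Content-Disposition filename, then Content-Type name.
        name = part.get_filename()
        if name:
            results.append((name, classify(name)))
    return results

# Constructed sample shaped like the MIME structure quoted above (payload is dummy).
SAMPLE = (
    b"From: sender@example.invalid\r\nTo: rcpt@example.invalid\r\n"
    b"Subject: test\r\nMime-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUNDARY"\r\n\r\n'
    b"--BOUNDARY\r\nContent-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"hello\r\n"
    b"--BOUNDARY\r\n"
    b'Content-Type: application/octet-stream; name="photo1.jpg.pif"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="photo1.jpg.pif"\r\n\r\n'
    b"AAAA\r\n--BOUNDARY--\r\n"
)

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE):
        print(f"{verdict:17} {name}")
```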
    



    This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 10:37:43 PDT