(begin quote)
I have identified one of the virus senders.  She was an innocent
person who didn't know her machine was infected.  Also she had a
legitimate reason for having my email address in her computer's
address book.  The other came from some ISP in China.  I don't know
anyone in China who would have any legitimate reason to have my
email address in his address book.  It probably came from some
spammer.

Sam Heywood
(end of quote)

Maybe that second virus message mentioned above did not originate in China but
went via an open relay in China?  I've received spam that way.

Glenn McCorkle wrote:
>
> The last one I got as an eMail attachment was "moon_landing.gif.pif"
>
> Arachne saved it to disk as "moon_lan.gif"
> Without the "dumb scan" setting in F-prot.... that file would not have
> been scanned.
>
>  Since I *did* use "dumb scan"... that file was identified as yet
> another copy of the sircam worm.
>
> I hope this clears up that little mystery. ;-)

)Not quite. <g>

)Arachne saved it as .gif and that would be perfectly safe, as a .gif
)is a DATA file and not executable by any OS as far as _I_ know.
)Well, maybe Linux. :(
)Wincrap9 would have saved (and treated it) as a .PIF. :((

-  Clarence Verge

I guess that moon_lan.gif, viewed in Arachne or any other DOS-based graphics
viewer, would show an error message or a garbled image but would not do anything
viral?  I guess that would be true even if moon_lan.gif were viewed by a
Wincrap-based viewer?  But the Wincrap9 email client decodes the attachment and
treats it as a .pif, according to what follows the last dot in the file name.

File names with double extensions, like moon_landing.gif.pif or readme.txt.vbs,
are a virus's disguise.  Traditionally, before the MS OS of that name, windows
were supposed to let you see things in the open, not hide things like the
critical .vbs and .pif at the end of these file names.

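An added example, not part of the original thread: a mail-filter style check for the double-extension names discussed above, showing the last-dot extension, the name after truncation to DOS 8.3, and why a scan filtered by extension would skip the saved file. The extension lists, the helper names and the truncation rule are assumptions made for illustration.

```python
# Added illustration; extension lists and helper names are assumptions.
EXECUTABLE_EXTS = {"pif", "vbs", "exe", "com", "bat", "scr"}  # constructed, not exhaustive
DATA_EXTS = {"gif", "jpg", "bmp", "txt", "doc"}               # constructed, not exhaustive


def last_dot_ext(name):
    """Extension after the LAST dot: what the thread says the Windows client acts on."""
    name = name.strip().rstrip(".")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def is_double_extension(name):
    """True when a data-looking extension sits directly before an executable one."""
    parts = name.strip().rstrip(".").lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DATA_EXTS


def dos_8_3_name(name):
    """Assumed 8.3 truncation: 8 chars before the first dot, 3 chars after it."""
    base, _, rest = name.strip().partition(".")
    ext = rest.split(".")[0][:3]
    return base[:8] + ("." + ext if ext else "")


def triage(name):
    """Summarise how one attachment name looks to each party in the thread."""
    saved = dos_8_3_name(name)
    return {
        "flag": is_double_extension(name),
        "windows_treats_as": last_dot_ext(name),
        "saved_on_dos_as": saved,
        # A scan filtered by extension keys on the saved name, so it skips this file.
        "extension_scan_skips": last_dot_ext(saved) not in EXECUTABLE_EXTS,
    }


if __name__ == "__main__":
    # Constructed sample names; the first two are the ones quoted in the thread.
    for sample in ("moon_landing.gif.pif", "readme.txt.vbs", "holiday.gif"):
        print(sample, triage(sample))
```

Checking the original attachment name at the mail gateway, before any client renames or truncates it, is what lets the flag fire; once the file is on disk as moon_lan.gif only a content-based scan will catch it.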