On Thursday 04 September 2003 12:17 pm, [EMAIL PROTECTED] wrote:
> Hehe - no I'm not planning to write a virus; I believe M$ has cornered the
> market there. With all the talk this morning about the 'thankyou.pif'
> file that circulated, I was curious what the file held. I tried to look
> at the file in vi but saw only gibberish (compiled code?). I tried a
> Google search to see how to open this type of file and found that M$ uses
> a 'pifeditor' (it seems to come with the 'M$ VirusWriter 7.0' suite of
> tools - to be included in every version of .Net). I didn't find any
> useful info for editing under Linux though; any thoughts here? I don't
> have a Windows box to play with it on - or maybe I could take it to work
> and open it... hmmm...

For the record, I do not think that the virus itself is written as a .pif file. It is using that extension only because that is one of MS's executable extensions, which means that when you open the message and click on the attachment, it automatically executes. It could call itself .exe or .bat just as easily. I am guessing that the author chose .pif only because inexperienced users are less likely to realize that it is executable.

Just because the filename ends in .pif does not necessarily mean that the file IS a .pif. Not sure what language it was written in, but it is definitely compiled code, so you would need to decompile it or look at it with a hex editor to try to figure out what the original language was.

-- 
Bryan Phinney
Software Test Engineer
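
Added example, not part of the original message: a Python check that classifies a file by its header bytes instead of its extension, which is the point made in the reply about a `.pif` name on compiled code. It only reads bytes and never runs the file; the function names and the sample header are constructed for illustration.

```python
import struct
import sys

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag marking a DLL


def identify_executable(data: bytes) -> str:
    """Classify a buffer by its header bytes, ignoring the filename."""
    # DOS/Windows executables start with the two bytes "MZ".
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not an MZ executable"
    # e_lfanew (offset 0x3C) holds the file offset of the PE header.
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return "MZ executable, no PE header found"
    # COFF header follows the 4-byte signature.
    machine, sections = struct.unpack_from("<HH", data, pe_off + 4)
    (characteristics,) = struct.unpack_from("<H", data, pe_off + 22)
    kind = "DLL" if characteristics & IMAGE_FILE_DLL else "EXE"
    return f"PE {kind}, machine=0x{machine:04x}, sections={sections}"


def constructed_sample() -> bytes:
    """Build a minimal, constructed MZ + PE header (not a real program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header right after DOS stub
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x014C, 3, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + coff


def identify_file(path: str) -> str:
    """Read a file from disk and classify it; the file is never executed."""
    with open(path, "rb") as fh:
        return identify_executable(fh.read())


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name in sys.argv[1:]:
            print(f"{name}: {identify_file(name)}")
    else:
        print("constructed sample:", identify_executable(constructed_sample()))
```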
