On 02 Mar 2004 22:53:49 -0500 Mike Jeays <[EMAIL PROTECTED]> probably wrote:
> PIF files are Windows Program Information Files, dating from the days of > Windows 3.1. I am surprised they still work - but it seems that they > do. They have executable content, and are now being used to spread > malicious software. Just for the sake of correctness... Physically, real PIFs have no more executable content than something between a binary data file and a soft link. But Windows thinks that they can be `executed' (that was necessary to make them usable as links, I guess), which is quite enough - when the loader analyzes the file, it understands it's not a PIF but an EXE format executable from the magic number and runs it. Some olden virus-writers probably think that if one masquerades an .exe as .pif, some olden antiviruses won't find them :). They are making progress: the virus is about 25% smaller than its .C predecessor:)))) P.S. And nobody even cared to remove staff@ from CC:) -- DoubleF Cloning is the sincerest form of flattery.
Description: PGP signature