On 02 Mar 2004 22:53:49 -0500
Mike Jeays <[EMAIL PROTECTED]> probably wrote:

> PIF files are Windows Program Information Files, dating from the days of
> Windows 3.1.  I am surprised they still work - but it seems that they
> do. They have executable content, and are now being used to spread
> malicious software.

Just for the sake of correctness...

Physically, real PIFs have no more executable content than something
between a binary data file and a soft link. But Windows thinks that
they can be `executed' (that was necessary to make them usable as
links, I guess), which is quite enough - when the loader analyzes the
file, it understands it's not a PIF but an EXE format executable
from the magic number and runs it.

Some olden virus-writers probably think that if one masquerades an
.exe as .pif, some olden antiviruses won't find them :). They are
making progress: the virus is about 25% smaller than its .C

P.S. And nobody even cared to remove staff@ from CC:)

Cloning is the sincerest form of flattery.

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to