
General discussion

Security problem

Mar 11, 2004 2:42AM PST

Two emails showed up in my Hotmail inbox this morning that I don't understand and don't know how to deal with.

One was from the postmaster advising that delivery of "my" email to herron@paradigmtech.com failed. But I never sent any email to that address. The email showed the following as the email in question:

"From :
<grandpaw7@hotmail.com>

To :
herron@paradigmtech.com

Subject :
Re: Your archive

Sent :
Thursday, March 11, 2004 9:42 AM

Attachment : DELETED0.TXT (160 bytes)
Your document is attached."

When I tried to open the attachment, I got this:

"File attachment: your_archive.pif
The file attached to this email was removed
because the file name is not allowed."

The second was from P2SPAM_GW@p2es.com to my email address, grandpaw7@hotmail.com. It said:

"Content violation found in email message.

From: grandpaw7@hotmail.com
To: herron@paradigmtech.com

File(s): your_archive.pif

Matching filename: *.pif"

I have no idea what this is all about. I feel like I should report this to someone but I don't find a way to contact hotmail about it. (Maybe all I need to do is to change my password.)

Anyone have any thoughts about what I should do? Thanks, Jerry

Do nothing. Just delete the message.
Mar 11, 2004 2:53AM PST

Modern viruses and worms (and they flourish at the moment), when sending themselves by e-mail to others from some computer, take any email address found on that computer and fake that that address is the sender of the message. In this case some virus picked your address.

The receiver (or the receiver's ISP) sees the message contains a virus and is kind enough to notify the assumed 'sender'.

That's all that is. There's nothing you can do about it and it isn't your fault at all.

Kees

Re:Security problem
Mar 11, 2004 3:54AM PST

Jerry,

Kees is exactly correct. Delete the messages as they had "spoofed" sender lines and were viruses sent from another computer that had your e-mail address on it. The response on both was an indication that the ISP of the receiver blocked the infected message.

My main concern here is this... WHY DID YOU try to open the attachment? You didn't know who this was from... You had concerns about it being a problem... Delete it without question. Most of the new viruses, including (Look at the attachment names in Netsky.D) and Bagle/Beagle viruses may have double file extensions that look like text files but aren't. The .pif file extension is one of those used by viruses to immediately execute the infection.

If you just felt adventurous, OK, but you are taking a chance that the machine will get infected. Your choice.

Hope this helps.

Grif

A few remarks.
Mar 11, 2004 4:57AM PST

1. I thought Hotmail is doing a virus check on mails? They are supposed to have more recent virus definitions than most Hotmail users, so I should feel reasonably safe to trust them.

2. I've set Explorer to show all file extensions, so a wicked attachment name shows up in Outlook Express as filename.txt.pif. I prefer seeing it this way in Explorer (I'm from MS-DOS times), but I find this a definite advantage. I've never checked in Hotmail (my children won't give me their password!), but I think they send the whole page, including filenames of attachments, as html-text to the browser. It would be rather stupid if they don't use the full filename (like filename.txt.pif).

3. And, of course, error messages from postmaster and the like, always are something like 'ATT0001.DAT', telling me the username doesn't exist or any other reason to refuse my mail. I've never thought it dangerous to open such a file of a few 100 bytes at most. Is that a wrong thought?


Kees

Re:A few remarks.
Mar 11, 2004 8:51AM PST

Kees,

Just some thoughts on your remarks...LOL...

1. On the McAfee forums, when the Netsky virus first came out, both Yahoo and Hotmail had a "few" of the infected zip files sneak by. The .zip file extension was previously "allowed" and it took them a while to figure out what they wanted to do with it. Most viruses are very similar. It's a game of 'catch up'. So, although Hotmail and other webmail sites that have antivirus scanners are usually a good bet, it's never a sure thing.

2. Like you, I also set the computer to "Show all File Extensions". It's much safer and gives the user a lot more information to work with. Unfortunately, not all users have their computer set in such a manner. It's the very reason that many of the viruses are engineered with double file extensions.

3. IF you know exactly what you are looking for, and are extremely familiar with the attributes of files and how virus messages are constructed, you can usually figure out which text files are "real" and which ones aren't. Once again, not all users have the ability to decide. I work with infected attachments quite a bit, and I still make sure to scan the file before opening it. There are a number of viruses which use the "Postmaster" return trick to lure the user into opening the message or the attachment which will infect the computer. (Klez is a big one that comes to mind.) You've been doing this long enough that you may have enough knowledge to safely open a small text file. I'm not sure most have that same knowledge.

Hope this helps and thanks for your comments.

Grif
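The filename filtering reported by the gateway notice in the first post ("Matching filename: *.pif") and the double-extension check discussed in the replies can be sketched as follows. This is an added example, not part of the thread or any poster's code; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed policy lists for this example; only .pif and .txt come from the thread.
BLOCKED_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".htm"}

def check_filename(name):
    """Return (verdict, reason) for one attachment filename."""
    # Keep the last path component, then normalise case, spaces and trailing dots.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    exts = ["." + p.strip() for p in base.split(".")[1:]]
    if not exts or exts[-1] not in BLOCKED_EXTS:
        return ("allow", "final extension not on block list")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return ("block", "double extension " + exts[-2] + exts[-1])
    return ("block", "matching filename: *" + exts[-1])

def scan_message(raw):
    """Return (filename, verdict, reason) for each attachment in a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        if fname:
            results.append((fname, *check_filename(fname)))
    return results

def build_sample():
    """Constructed test message; addresses and payloads are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "Re: Your archive"
    msg.set_content("Your document is attached.")
    for fname in ("your_archive.pif", "filename.txt.pif", "ATT0001.DAT"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_string()

if __name__ == "__main__":
    for row in scan_message(build_sample()):
        print(row)
```

The check judges only the final extension for the block decision, so a decoy such as .txt in the middle of the name never makes a file look safe to the filter.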

MY THANKS TO GRIF AND KEES
Mar 11, 2004 10:48AM PST

Grif, when Hotmail said there was no virus in the attachment, I figured it was safe to open it and perhaps get a better idea of what was going on. It wasn't till I opened the attachment that Hotmail told me the attachment was deleted. Also, I just wasn't as well informed as I now am. I was wondering if somehow someone had gotten the ability to use my Hotmail account. Much thanks, gentlemen.