Current Names List:
sexy_bedroom.pif
love_me.pif
see_me.pif
Drunk_lol.pif
piccie_lol.pif
webcam_015.pif
What Does Pif Stand For?
Windows Program Information File
A Program Information File dates back to the early versions of Windows. Basically, it's an information file that when you click on it the information in the file is used by Windows to run some program; including code that can be in the PIF file. It is a potentially dangerous file type and one should never click on one received via E-mail without extensive knowledge of exactly what it will do first. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.
How Can I Protect Myself?
the ovious answer would be to have a updated antivirus
if you do not have one. you can download avg antivirus free here
or use the free online scanner from panda here
Another way you could stop it happening would be to to use Messenger Plus AutoAccept feature, but configurating it to not accept files
this can be done by
-Signing in
- Going to the plus menu, then preferences
- Clicking on instant messages
- By then clicking on the top check box
- and changing the convo box to accept everything but files.
(warning this leaves you open to automaticly accept any other file)
UPDATE:
QUOTE(Front Page)
Based on numerous reports from messers, a new virus seems to be propagating itself rapidly through MSN Messenger.
F-Secure identifies the worm as Bropia.A, other antivirus software (like including Kaspersky) labels it IM-Worm.Win32.VB.a.
When received and executed by the victim, the worm places itself in the C directory with a random filename like:
sexy_bedroom.pif
drunk_lol.pif
naked_party.pif
webcam_(random number).pif
love_me.pif and similar looking names.
It then automatically sends itself to active MSN Messenger contacts. It also drops and executes oms.exe, a variant of Rbot, which copies itself as lexplore.exe and adds two registry keys so it will be executed at next system startup. The bot can be used as a backdoor, logging keystrokes, relaying spam and for various other purposes and is therefor a huge security threat to your system. Brobia.A can also disable mouse right button and manipulate Windows mixer volume settings.
If you receive a file transfer request for such a file, press ALT-D or click Decline. Don't ever execute the file. If you did, delete the file immediately and permanently from your system (My Received Files and C drive) and take necessary security measures. For more information, visit F-Secure.
