On Wed, 20 Aug 2003, Jill Lasker wrote: +++++ [CLIP] +++++ > Have other members of this list suddenly been besieged in the last 2-3 days > with junk? I keep getting emails with a subject line "RE: details" and they > all simply say "Please see the attached file for details." All the files > have a .pif extension (what is that?). They're all from seemingly > legitimate addresses, but no one I actually know. > > At least one of the addresses it came from was a legitimate display company, > which is why I wondered if any of you were getting them too. > ============================= Jill: There is currently a surge of millions (or more) of fake e-mails being self-transmitted by the W32/Sobig-F worm-type virus, from infected PCs - probably without the owner knowing that this is happening. To cover its tracks it substitutes a genuine e-mail address (eg. from the machine's address book or from received mail box) for the actual originating address so that the message looks like a genuine one from a known and probably trusted e-mail address. You infect your machine by opening the attachment to the e-mail - which can appear in several forms, typically a free screensaver offer or other excecutable file (such as .pif). Sobig-F and its "family" of related viruses seems to be restricted to Windows systems: apparently UNIX, Linux and Mac systems shouldn't be affected. It should be possible to track down the machine sending the fake e-mails (and I've had more than a dozen from a single source within less than an hour - though each apparently from a different sender). Don't "flame" the person who's name is at the top. Bring up "Full Headers" and you should then find the real IP address (consisting of 4 numbers of up to three digits each). You can then check out the real originating system through one of the IP directory and search systems, such as the American Registry for Internet Numbers - ARIN (http://www.arin.net/), and send a message about the problem, including the fake e-mail in Full Headers mode to "abuse@...." (the domain name - eg. [log in to unmask]). Above all, however, it's absolutely essential to keep your anti-virus protection system completely up to date. Symantec/Norton Anti-Virus report that they are identifying and producing treatments for more than 200 new viruses or variants PER WEEK at the moment, so if you haven't updated you virus protection within the past few days you may be already infected - and sending out hundreds of fake e-mails complete with copies of one of the new viruses. Patrick Boylan City University London ========================================================= Important Subscriber Information: The Museum-L FAQ file is located at http://www.finalchapter.com/museum-l-faq/ . You may obtain detailed information about the listserv commands by sending a one line e-mail message to [log in to unmask] . The body of the message should read "help" (without the quotes). If you decide to leave Museum-L, please send a one line e-mail message to [log in to unmask] . The body of the message should read "Signoff Museum-L" (without the quotes).