[Esd-l] Latest wave of worms using hidden file-extensions (fwd)

John D. Hardin jhardin at wolfenet.com
Sun May 28 17:18:42 PDT 2000


Make sure that "pif" is still in your MANGLE_EXTENSIONS. You may want
to add "movie.avi.pif" to your poisoned filenames list, if you don't
already have "*.pif" in that list. The poisoned filenames list is not
case-sensitive.


---------- Forwarded message (EXCERPT) ----------
Date: Fri, 26 May 2000 18:01:03 +0800
From: "Wayne at DiamondCS.com.au" <wayne at diamondcs.com.au>
To: NTBUGTRAQ at LISTSERV.NTBUGTRAQ.COM
Subject: Latest wave of worms using hidden file-extensions

LATEST WAVE OF WORMS USING HIDDEN FILE EXTENSIONS
RELEASE DATE: Friday May 26, 2000
SYSTEMS AFFECTED: Windows 95, 98, NT, 2000

.
.
.

A worm is already propagating on the Internet now under the filename
of Movie.avi.pif. People receiving this file will see "Movie.avi" if
they look at the file in Explorer, and as .avi is regarded as a "safe"
extension, most people will run this file without a second thought of
their own safety.

.
.
.

--
Reported by Wayne Langlois for Diamond Computer Systems
wayne at diamondcs.com.au  -  http://www.diamondcs.com.au
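
The filename check discussed above, as an added example (not part of the original message and not the sanitizer's own code): it walks a message's attachments, matches names case-insensitively against a poisoned list, and flags a blocked final extension hidden behind a benign-looking one. Only "pif", "*.pif" and "movie.avi.pif" come from the post; the other list entries and all function names are assumptions.

```python
import email
from email.message import EmailMessage
from fnmatch import fnmatchcase

# Assumed policy values; only "pif", "*.pif" and "movie.avi.pif" are from the post.
MANGLED_EXTS = {"pif", "exe", "scr", "vbs"}
POISONED_PATTERNS = ["*.pif", "movie.avi.pif"]
BENIGN_LOOKING = {"avi", "txt", "jpg", "doc"}

def classify(filename):
    """Return (verdict, reason) for one attachment filename."""
    name = filename.strip().lower()        # matching is not case-sensitive
    parts = name.split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    for pat in POISONED_PATTERNS:
        if fnmatchcase(name, pat.lower()):
            return ("poisoned", "matches " + pat)
    if real_ext in MANGLED_EXTS:
        # The last extension decides how Windows runs the file, even when
        # Explorer hides it and shows only the inner one.
        if len(parts) > 2 and parts[-2] in BENIGN_LOOKING:
            return ("mangle", f"real extension .{real_ext} hidden behind .{parts[-2]}")
        return ("mangle", f"extension .{real_ext}")
    return ("pass", "")

def scan(raw_bytes):
    """Classify every named attachment in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes)
    results = []
    for part in msg.walk():
        fn = part.get_filename()
        if fn:
            results.append((fn,) + classify(fn))
    return results

def sample_message():
    """Constructed test message with one hostile-looking and one plain attachment."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream",
                     filename="Movie.AVI.PIF")
    m.add_attachment(b"x", maintype="video", subtype="x-msvideo",
                     filename="holiday.avi")
    return m.as_bytes()

if __name__ == "__main__":
    for row in scan(sample_message()):
        print(row)
```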




