Don't beat me, but i've noticed a huge influx of these .pif virii today.

Don’t kill me for posting this, it may be slightly off topic but I have noticed a very odd spike in traffic with these virii that have .pifs attached to them.

The subject is random.

The body always says:

“See attached file for details” and they’re always a pif file.

Anyone else notice this?


You're not seeing things. I would say you can thank "W32/Sobig.F-mm",
referenced in

Allow me to quote a bit from the story:

The sender appears to be someone from a recognized domain name, such as, or The subject line typically says
"Re: Details," "Resume" or "Thank you."

Attachment names may include: your_document.pif, details.pif,
your_details.pif, thank_you.pif, movie0045.pif, document_Fall.pif,
application.pif, and document_9446.pif.


Now having personally experienced the worm myself…
This is how it went, there was no known way to remove the worm with
any current software for the variety that I had, it was mutagenic, recognized
AVP, and other forms of disinfectors and went nuts propagating itself to the
point the only solution left was Low level format…format and reinstall

At that point we were not sure if the media itself was not damaged and
held our breath for a while, thankfully it was not and now my box is back
up and running -minus the data that was not recoverable.

If anyone is having their techs do this, be nice to them and be kind
because it takes about 6 hours plus to do each box completely


Jade E. Deane wrote:

You're not seeing things. I would say you can thank "W32/Sobig.F-mm",
referenced in

I'd like to point out that this variant is the most aggressive yet of the Sobig family. However, I think this aggressiveness is possibly a bug in the code as the delivery attempts to a single user from a single user are extremely high. This is, of course, not desired when propogating.