Thread: mini-worm?

    Jan 2002


    I recently received an email from someone that I do not know.

    There was an attachment named "if you.pif"

    The subject of the email was The Garden Of Eden.

    I tried scanning the attachment with PC-cillin
    which did not show any virus.

    I then saved this attachment to my HD and tried
    to rescan it. PC-cillin reports that it cannot find
    the file.

    I then renamed the file to "you", I could open this file
    with PC-cillin or notepad.

    I ftp'd the file to a linux machine on my LAN and opened
    it with emacs.

    This just shows a bunch of @^e@@@!@# stuff

    Upon closer inspection I saw some snippets of plain text:
    Microsoft Visual C++ Runtime Library

    Scrolling down a little further shows:
    HELO <-- please note that this is a smtp command
    MAIL FROM: <-- another smtp command
    RCPT TO: <-- yet another

    This .pif file is connecting to a prodigy.net smtp server:
    pimout1-ext.prodigy.net with a return address of

    Visiting www.sbcglobal.net redirects to sbcglobal.prodigy.net
    I am assuming that sbcglobal is just an innocent victim here.

    I would like to decompile this .pif file if at all possible
    in the hopes of maybe locating the origin of this mini-worm.

    So could someone please point me in the right direction of
    a decompiler that will show this file in its original form.

    Thank You
    "UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity."
    Dennis Ritchie.
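
The manual inspection described in the post above (opening the attachment in an editor and spotting readable text) can be scripted without ever running the file. This is an added example, not part of the original thread: the function names are hypothetical, the sample bytes are constructed from the strings the post quotes, and the `MZ` check assumes the .pif is really a Windows executable.

```python
import re

# SMTP verbs the post reports seeing inside the attachment.
SMTP_MARKERS = (b"HELO", b"MAIL FROM:", b"RCPT TO:")
# Extensions that Windows launches as programs.
EXECUTABLE_EXTS = (".pif", ".exe", ".scr", ".com")
# Dotted names that may be hostnames (candidates only; DLL names also match).
HOST_RE = re.compile(rb"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")


def printable_strings(data, min_len=4):
    """Return runs of printable ASCII of at least min_len bytes, like strings(1)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def triage(filename, data):
    """Summarise static indicators of a mail attachment without executing it."""
    strings = printable_strings(data)
    return {
        # DOS/PE executables start with the two bytes "MZ".
        "is_mz_executable": data[:2] == b"MZ",
        "executable_extension": filename.lower().endswith(EXECUTABLE_EXTS),
        # Embedded SMTP verbs suggest the program sends mail on its own.
        "smtp_markers": [m.decode() for m in SMTP_MARKERS
                         if any(m in s for s in strings)],
        "host_candidates": sorted({h.decode().lower()
                                   for s in strings
                                   for h in HOST_RE.findall(s)}),
    }


# Constructed sample: an MZ header, binary filler, and the strings quoted in the post.
SAMPLE = (b"MZ\x90\x00\x03\x00\x00\x00"
          b"Microsoft Visual C++ Runtime Library\x00\x01\x02"
          b"HELO \x00MAIL FROM: <\x00RCPT TO: <\x00"
          b"pimout1-ext.prodigy.net\x00")

if __name__ == "__main__":
    for key, value in triage("if you.pif", SAMPLE).items():
        print(f"{key}: {value}")
```

On a real sample, read the bytes with `open(path, "rb").read()` on an isolated analysis machine and pass them to `triage`.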

    Feb 2002
