One frequently ignored aspect of corporate antivirus protection is the built-in file filtering facility that such protection normally includes, and which is a fundamental feature of mail server antivirus solutions. Used in the right way, these systems can prevent the kind of major catastrophes that have all too often decimated information stored on networks. The recent Palyh worm, which spreads via e-mail using its own SMTP engine, doesn't just seek out addresses stored in the infected system's address book, but also digs through .TXT, .EML, .HTM*, .DBX, and .WAB files looking for e-mail addresses. This is, in fact, one of the reasons behind Palyh's rapid and widespread propagation. The message containing the Palyh worm reaches computers in an attachment with a .PIF extension, and it is this file that actually carries out the infection. PIF (Program Information File) files establish special parameters for executing certain programs, such as special directories, environment variables, etc. The danger, however, is that, as is the case with Palyh, these files can conceal an additional threat. This is not a new technique and has in the past been used by more than one virus. Ever since the dangerous Badtrans or MTX virus used this strategy, concealing virus code in PIF files has been a highly effective ploy of virus authors.
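The attachment filtering described above, as an added example that is not part of the original article or of OODA's tooling: a small mail-gateway check that blocks attachments by extension (the block list and the sample message are constructed here; .PIF is the extension the article names) and, independently of the file name, flags any attachment whose bytes begin with the DOS/PE "MZ" header, which is how an executable can hide behind a PIF or other non-executable name.

```python
import os
import email
from email.message import EmailMessage
from email.policy import default

# Constructed block list for this example; a real gateway policy would be longer.
BLOCKED_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".vbs"}
MZ_MAGIC = b"MZ"  # first two bytes of every DOS/Windows PE executable


def classify_attachment(filename: str, payload: bytes) -> dict:
    """Return a verdict for one attachment based on its name and its content."""
    ext = os.path.splitext(filename.lower())[1]
    reasons = []
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"extension {ext} is on the block list")
    # Content check: an executable header is a block regardless of the name.
    if payload.startswith(MZ_MAGIC):
        reasons.append("payload starts with an MZ header (DOS/PE executable)")
    return {"filename": filename,
            "verdict": "block" if reasons else "allow",
            "reasons": reasons}


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 822 message and classify each attachment in order."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings.append(classify_attachment(filename, payload))
    return findings


def build_sample_message() -> bytes:
    """Constructed test message: one disguised executable, one harmless text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Re: Movie"
    msg.set_content("Check this out")
    # Fake PE stub (constructed): an MZ header followed by padding, named as a PIF.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="movie.pif")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return bytes(msg)
```

Running `scan_message(build_sample_message())` blocks `movie.pif` for both reasons and allows `notes.txt`; the content check also catches an MZ payload renamed to an extension the block list does not cover.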
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.