Just recieved this email from "support@microsoft.com" subject "Screensaver". The body reads "All information is in the attached file." The attached file is named "approved.pif" at 53.6kb. Don't know about you guys but Microsoft doesn't send mail this way, and there is no hint of whats inside. My thinking is  DON'T OPEN IT! If anyone wants to check it here's the senders IP 80.230.125.224, and this is the server it was sent from mxng00.kundenserver.de. I don't think Microsoft support is in Denmark, do you? 

thanks for the heads up
i'll make sure to keep an eye out for it.
on a side note dont your mail programs have virus checkers? i know both MSN and Yahoo have them i dont know about others though

well just recieved this one myself through yahoo, and used their virus scanner to check it and it is definatly a virus

thnx 4 telling me.havent gotten that email yet but ill keep a look out.

???

As I tell my support clients endlessly.

If you receive ANY email with an attachment that is one of the following file types it is an active program and should be DELETED IMMEDIATELY as it is almost certainly a virus.

.scr
.pif
.exe
.bat

The way these thing work is they plonk the prog somewhere in your Windows\System folder and place a 'Run' or 'RunOnce' entry in your registry.

Nothing happens immediately but when you reboot, the prog runs and the damage starts.

.scr is the file type for a screen saver -  but I'm pretty sure you'd get your screen savers from somewhere reputable and not just from somoeone you don't know off the Net!

SO BEWARE!!

PS Unless you've been getting regular updates for your McAfee or any other virus software your are using for that matter - like every week at most, your protection is ZILCH


BTW - this one has been doing the rounds for many weeks if not months now.

I just scanned one of the e-mails and the virus is 'W32.Sobig.B@mm'.

"W32.Sobig.B@mm is a mass-mailing worm that sends itself to all the email addresses that it finds in the files with different extensions"

You can read about it here: http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.b@mm.html

I'm getting dozens of them daily - but all picked up on the mail server by norton.

'.de' is Germany - not Denmark & yes MS have a lot of German based support services - like they do in most countries so that wouldn't be unusual.

The main thing as always - get a good anti virus! If you are running one & it's updated & doesn't pick this virus up - scrap it ! You've been had.

Thanks Everybody


I just had a look in my inbox and I had an e-mail from them with "my password"

Deleted it and just to say thanks for letting me know before hand!!

Paul2k10