News
News
3/4/2003
02:07 PM
Connect Directly
RSS
E-Mail
50%
50%

Palyh Worm Spreads

Worm purports to be E-mail from Microsoft to lure victims.

Antivirus vendors are warning of a new mass-mailer virus that's spreading around the globe. As of 11 a.m. EDT Monday, MessageLabs said it had intercepted more than 40,000 copies of the Palyh or Mankx worm in 89 countries.

While many viruses and worms use "social engineering" such as pegging the E-mail to current news events, claiming to contain pornographic pictures, or even as posing as antivirus updates, the Palyh worm uses a forged support@microsoft.com E-mail address to attempt to fool users into opening it. The worm also spreads through Windows network shares.

Most antivirus vendors have updated their software to stop this new threat. According to antivirus experts, the worm's payload seems to be only to propagate itself.

"The worm's spread will begin to subside as computer users update their antivirus solutions and the word is spread that any E-mail arriving from an address like 'support@microsoft.com' with an attachment in tow should scream the message like a huge billboard: 'I am a virus.' This is especially important since Microsoft's support policy is to not exchange files via E-mail," says Ian Hameroff, security strategist at Computer Associates.

Antivirus vendor McAfee has Palyh as a medium risk for both home users and businesses. According to McAfee, the worm sends itself to E-mail addresses it finds on the victim's system and uses its own SMTP E-mail engine to distribute itself to those users.

According to McAfee, the subject line could include number of subjects, including "Re: My application" and "Your Password." The body of the message simply states: "All information is in the attached file." The virus has about a dozen file names for that extension, most .pif. However, the file extension may be truncated to only ".pi" because of the way the virus constructs outgoing messages.

"Based on the reports to our eTrust Target labs, the worm has had the greatest impact in the home-computer space since most, if not all, enterprises employ a policy of blocking attachments types like .pif," Hameroff says. "Even so, we all need to be wary of anything that arrives unexpectedly and includes executable attachments."

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and community news at InformationWeek.com.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.