Worm purports to be E-mail from Microsoft to lure victims.
Antivirus vendors are warning of a new mass-mailer virus that's spreading around the globe. As of 11 a.m. EDT Monday, MessageLabs said it had intercepted more than 40,000 copies of the Palyh or Mankx worm in 89 countries.
While many viruses and worms use "social engineering" such as pegging the E-mail to current news events, claiming to contain pornographic pictures, or even as posing as antivirus updates, the Palyh worm uses a forged email@example.com E-mail address to attempt to fool users into opening it. The worm also spreads through Windows network shares.
Most antivirus vendors have updated their software to stop this new threat. According to antivirus experts, the worm's payload seems to be only to propagate itself.
"The worm's spread will begin to subside as computer users update their antivirus solutions and the word is spread that any E-mail arriving from an address like 'firstname.lastname@example.org' with an attachment in tow should scream the message like a huge billboard: 'I am a virus.' This is especially important since Microsoft's support policy is to not exchange files via E-mail," says Ian Hameroff, security strategist at Computer Associates.
Antivirus vendor McAfee has Palyh as a medium risk for both home users and businesses. According to McAfee, the worm sends itself to E-mail addresses it finds on the victim's system and uses its own SMTP E-mail engine to distribute itself to those users.
According to McAfee, the subject line could include number of subjects, including "Re: My application" and "Your Password." The body of the message simply states: "All information is in the attached file." The virus has about a dozen file names for that extension, most .pif. However, the file extension may be truncated to only ".pi" because of the way the virus constructs outgoing messages.
"Based on the reports to our eTrust Target labs, the worm has had the greatest impact in the home-computer space since most, if not all, enterprises employ a policy of blocking attachments types like .pif," Hameroff says. "Even so, we all need to be wary of anything that arrives unexpectedly and includes executable attachments."
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.