Palyh Worm Spreads - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Palyh Worm Spreads

Worm purports to be E-mail from Microsoft to lure victims.

Antivirus vendors are warning of a new mass-mailer virus that's spreading around the globe. As of 11 a.m. EDT Monday, MessageLabs said it had intercepted more than 40,000 copies of the Palyh or Mankx worm in 89 countries.

While many viruses and worms use "social engineering" such as pegging the E-mail to current news events, claiming to contain pornographic pictures, or even as posing as antivirus updates, the Palyh worm uses a forged [email protected] E-mail address to attempt to fool users into opening it. The worm also spreads through Windows network shares.

Most antivirus vendors have updated their software to stop this new threat. According to antivirus experts, the worm's payload seems to be only to propagate itself.

"The worm's spread will begin to subside as computer users update their antivirus solutions and the word is spread that any E-mail arriving from an address like '[email protected]' with an attachment in tow should scream the message like a huge billboard: 'I am a virus.' This is especially important since Microsoft's support policy is to not exchange files via E-mail," says Ian Hameroff, security strategist at Computer Associates.

Antivirus vendor McAfee has Palyh as a medium risk for both home users and businesses. According to McAfee, the worm sends itself to E-mail addresses it finds on the victim's system and uses its own SMTP E-mail engine to distribute itself to those users.

According to McAfee, the subject line could include number of subjects, including "Re: My application" and "Your Password." The body of the message simply states: "All information is in the attached file." The virus has about a dozen file names for that extension, most .pif. However, the file extension may be truncated to only ".pi" because of the way the virus constructs outgoing messages.

"Based on the reports to our eTrust Target labs, the worm has had the greatest impact in the home-computer space since most, if not all, enterprises employ a policy of blocking attachments types like .pif," Hameroff says. "Even so, we all need to be wary of anything that arrives unexpectedly and includes executable attachments."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll