Worm purports to be E-mail from Microsoft to lure victims.
Antivirus vendors are warning of a new mass-mailer virus that's spreading around the globe. As of 11 a.m. EDT Monday, MessageLabs said it had intercepted more than 40,000 copies of the Palyh or Mankx worm in 89 countries.
While many viruses and worms use "social engineering" such as pegging the E-mail to current news events, claiming to contain pornographic pictures, or even as posing as antivirus updates, the Palyh worm uses a forged email@example.com E-mail address to attempt to fool users into opening it. The worm also spreads through Windows network shares.
Most antivirus vendors have updated their software to stop this new threat. According to antivirus experts, the worm's payload seems to be only to propagate itself.
"The worm's spread will begin to subside as computer users update their antivirus solutions and the word is spread that any E-mail arriving from an address like 'firstname.lastname@example.org' with an attachment in tow should scream the message like a huge billboard: 'I am a virus.' This is especially important since Microsoft's support policy is to not exchange files via E-mail," says Ian Hameroff, security strategist at Computer Associates.
Antivirus vendor McAfee has Palyh as a medium risk for both home users and businesses. According to McAfee, the worm sends itself to E-mail addresses it finds on the victim's system and uses its own SMTP E-mail engine to distribute itself to those users.
According to McAfee, the subject line could include number of subjects, including "Re: My application" and "Your Password." The body of the message simply states: "All information is in the attached file." The virus has about a dozen file names for that extension, most .pif. However, the file extension may be truncated to only ".pi" because of the way the virus constructs outgoing messages.
"Based on the reports to our eTrust Target labs, the worm has had the greatest impact in the home-computer space since most, if not all, enterprises employ a policy of blocking attachments types like .pif," Hameroff says. "Even so, we all need to be wary of anything that arrives unexpectedly and includes executable attachments."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.