Palyh pretends to come from
Microsoft |
People
are being warned about a new e-mail virus that disguises itself as a
message from Microsoft.
Anti-virus firms have told people to be on the look out for the
e-mail worm which pretends to come from support@microsoft.com.
The message comes with a variety of subject lines but the
attachment should not be opened because it will infect users with a
worm known as Palyh.
Palyh will then copy itself to the Windows folder, and begin
sending itself to all e-mail addresses it finds on a computer.
Experts say the virus is now active in at least 69 countries.
Think before clicking
Virus writers are always on the lookout for ways to trip up
unsuspecting computer users and disguising a worm as a message from
the world's best known software firm is the latest in a line of
cunning tricks.
 Microsoft technical support does not
send out files in this way, and users should think twice
before they click 
|
Palyh has been
particularly clever because, unlike some of its predecessors, it
makes little effort to lure people into opening it.
"It doesn't follow the typical psychology and as it is fairly
minimal users could think it is not luring me, it must be ok," said
Graham Cluley, Senior Technology Consultant for Sophos.
For people inundated with e-mail, opening attachments can often
be second nature after a quick scan of the message raises no
suspicions.
"Microsoft technical support does not send out files in this way,
and users should think twice before they click," added Mr Cluley.
Blocking at source?
The file comes with a .pif extension, a file name that may be
less familiar to users.
|
PALYH SUBJECT LINES
Approved (Ref: 38446-263)
Re: Movie
Re: My application
Screensaver
Your details
Re: My details
Your password |
"Many users who
are wary of .exe and .vbs files which arrive in their e-mail my not
realise that .pif files are equally capable of being malicious,"
said Mr Cluley.
Sophos thinks there could be a good case for computer support
departments blocking all dangerous files types at the e-mail
gateway, preventing users from opening any executable code before it
has been scanned by themselves.
The virus is "out there in big numbers" according to experts.
E-mail scanning firm MessageLabs first spotted the worm on 17 May
and said all the initial copies came from the Netherlands.
BBC News Online's own Technology inbox has received about a dozen
copies of Palyh.
Email this to a friend 
Printable version
.gif){kind=small}
