Achtung! - "Palyh" virus - 05/20/03 01:45 AM
A friend sent this to me - I instantly thought of all you folks here (especially WO'N! 
). You may have heard of this one already....If not, pass it on....cheers, mg
I've checked this at the McAfee site and the virus/worm is listed there as a "medium threat." http://vil.mcafee.com/dispVirus.asp?virus_k=100307
virus alert
---------------------------
Microsoft Virus Alert
Quote of the Day
---------------------------
Monday, 19 May, 2003, 12:13 GMT 13:13 UK
Virus mimics Microsoft e-mail
People users are being warned about a new e-mail virus that disguises
itself as a message from Microsoft.
Anti-security firms have told people to be on the look out for the e-mail
worm which pretends to come from support@microsoft.com.
The message comes with a variety of subject lines but the attachment should
not be opened because it will infect users with a worm known as Palyh.
Palyh will then copy itself into to the Windows folder, and begins sending
itself to all e- mail addresses it finds on a computer.
Think before clicking
Virus writers are always on the lookout for ways to trip up unsuspecting
computer users and disguising a worm as a message from the world's best
known software firm is the latest in a line of cunning tricks.
" Microsoft technical support does not send out files in this way, and
users should think twice before they click "
Graham Cluley, Sophos
Palyh has been particularly clever because, unlike some of its
predecessors, it makes little effort to lure people into opening it.
"It doesn't follow the typical psychology and as it is fairly minimal users
could think it is not luring me, it must be ok," said Graham Cluley, Senior
Technology Consultant for Sophos.
For people inundated with e-mail, opening attachments can often be second
nature after a quick scan of the message raises no suspicions.
"Microsoft technical support does not send out files in this way, and users
should think twice before they click," added Mr Cluley.
Blocking at source?
The file comes with a .pif extension, a file name that may be less familiar
to users.
"Many users who are wary of .exe and .vbs files which arrive in their
e-mail my not realise that .pif files are equally capable of being
malicious," said Mr Cluley.
Sophos thinks there could be a good case for computer support departments
blocking all dangerous files types at the e-mail gateway, preventing users
from opening any executable code before it has been scanned by themselves.
The virus is "out there in big numbers" according to Sophos and struck at
around midnight, meaning Australia and New Zealand have seen the most cases
so far.
BBC News Online's own Technology inbox has received about a dozen of copies
of Palyh.
(Thanks to Mike Mills of News2Few < news2few@lks.net >)
). You may have heard of this one already....If not, pass it on....cheers, mgI've checked this at the McAfee site and the virus/worm is listed there as a "medium threat." http://vil.mcafee.com/dispVirus.asp?virus_k=100307
virus alert
---------------------------
Microsoft Virus Alert
Quote of the Day
---------------------------
Monday, 19 May, 2003, 12:13 GMT 13:13 UK
Virus mimics Microsoft e-mail
People users are being warned about a new e-mail virus that disguises
itself as a message from Microsoft.
Anti-security firms have told people to be on the look out for the e-mail
worm which pretends to come from support@microsoft.com.
The message comes with a variety of subject lines but the attachment should
not be opened because it will infect users with a worm known as Palyh.
Palyh will then copy itself into to the Windows folder, and begins sending
itself to all e- mail addresses it finds on a computer.
Think before clicking
Virus writers are always on the lookout for ways to trip up unsuspecting
computer users and disguising a worm as a message from the world's best
known software firm is the latest in a line of cunning tricks.
" Microsoft technical support does not send out files in this way, and
users should think twice before they click "
Graham Cluley, Sophos
Palyh has been particularly clever because, unlike some of its
predecessors, it makes little effort to lure people into opening it.
"It doesn't follow the typical psychology and as it is fairly minimal users
could think it is not luring me, it must be ok," said Graham Cluley, Senior
Technology Consultant for Sophos.
For people inundated with e-mail, opening attachments can often be second
nature after a quick scan of the message raises no suspicions.
"Microsoft technical support does not send out files in this way, and users
should think twice before they click," added Mr Cluley.
Blocking at source?
The file comes with a .pif extension, a file name that may be less familiar
to users.
"Many users who are wary of .exe and .vbs files which arrive in their
e-mail my not realise that .pif files are equally capable of being
malicious," said Mr Cluley.
Sophos thinks there could be a good case for computer support departments
blocking all dangerous files types at the e-mail gateway, preventing users
from opening any executable code before it has been scanned by themselves.
The virus is "out there in big numbers" according to Sophos and struck at
around midnight, meaning Australia and New Zealand have seen the most cases
so far.
BBC News Online's own Technology inbox has received about a dozen of copies
of Palyh.
(Thanks to Mike Mills of News2Few < news2few@lks.net >)
