Fake Microsoft email spreads new worm

A new mass-mailing worm has begun spreading through Australia, and despite its lack of social smarts, is still managing to replicate rapidly.

The Palyh, or Mankx worm, appears to come from support@microsoft.com, a forged address. The message body is invariably: "All information is in the attached file". Users should not open the attachment.

Symantec has upgraded the threat rating of the worm to 3/5 due to the large number of samples the company has received.

The payload is a PIF, or program information file. Upon execution, it self-propagates using email addresses from files stored on the targeted system.

According to Jamie Gillespie, security analyst with AusCERT, the virus is a traditional mass-mailer.

"It appears to be using the address book as a single source at least", he said.

Anti-virus vendors have released signatures that can be used to detect this latest threat. The fact that the worm wasn't "detectable" this morning could have contributed to its rapid propagation.

"Currently there is no public information regarding this virus," Gillespie told ZDNet Australia this morning, before the worm was identified and analysed. "Anti virus software is only as good as the signatures [so] 'zero-day' viruses can propagate quite quickly".

An element of reverse psychology could be at work, according to Computer Associates' security consultant Daniel Zatz. The fact that the email contains little information and doesn't pressure the recipient into opening the attachment could be a reason that people are in fact opening it, he told ZDNet Australia.

"Maybe the curiosity aspect of saying absolutely nothing is perhaps a better lure," he said.

Most large organisations should be protected because they block the .pif file extension, a practice advocated by Zatz, but small to medium enterprises will probably be impacted.
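As an added illustration (not code from the article or from any vendor it names), here is how a mail gateway check for the extension block could look in Python. The function name, result keys and sample message are constructed for this example; only the sender address, body text and .pif extension come from the article.

```python
import email
from email import policy
from email.utils import parseaddr

BLOCKED_EXTENSIONS = (".pif",)              # extension the article says to block
SPOOFED_SENDER = "support@microsoft.com"    # forged From address in the article
BODY_MARKER = "all information is in the attached file"  # fixed body text

# Constructed sample message for illustration (not a captured worm email).
SAMPLE = b"""From: support@microsoft.com
To: user@example.com
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

All information is in the attached file.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.PIF"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def inspect_message(raw: bytes) -> dict:
    """Return the article's indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    blocked = []
    for part in msg.walk():
        name = part.get_filename()
        # Compare case-insensitively; Win32 strips trailing dots and spaces.
        if name and name.lower().rstrip(". ").endswith(BLOCKED_EXTENSIONS):
            blocked.append(name)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    return {
        "blocked_attachments": blocked,
        "spoofed_sender": sender == SPOOFED_SENDER,
        "body_match": BODY_MARKER in text,
        # Policy from the article: quarantine on the extension alone.
        "quarantine": bool(blocked),
    }

if __name__ == "__main__":
    print(inspect_message(SAMPLE))
```

The quarantine decision rests on the attachment extension only, so it still fires when the sender or body text differs; the other two fields are recorded as supporting indicators.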



Talkback

I started getting this email a couple of weeks ago. I scanned it and saw the virus so deleted it. I continue getting this email 2-3 times a day. It's frustrating, every time I open email it is there. I also emailed all my friends so they are aware of this.

23 September, 2003 17:55
