DO NOT OPEN ANY EMAIL FROM SUPPORT@MICROSOFT.COM
IF YOU RECEIVE ONE, DELETE IT WITHOUT OPENING
A new computer worm that disguises itself as an e-mail from Microsoft Corp. is spreading, computer security firms warned on Monday. The e-mail containing the worm, dubbed Palyh or Mankx, appears to come from support@microsoft.com, but is not from the software company. When the attachment is opened, the worm copies itself to the Windows folder, scoops up e-mail addresses from the hard disk and starts sending itself out.
Origins: Palyh (also known as Mankx) is a mass-mailing worm which hit the Internet in May 2003 and propagates by mailing itself to recipients extracted from e-mail addresses found on infected machines. It lures recipients into opening infected messages by sending itself out under a forged <support@microsoft.com> return address. The subjects of these infected messages can be any of the following:
Re: Approved (Ref: 3394-65467)
Re: Approved (Ref: 38446-263)
Cool screensaver
Re: Movie
I Re: My application v
Re: My details
Screensaver
Your details
Your password
The triggering attachment can be any of the following filenames:
_approved.pif
application.pif
approved.pif
doc_details.pif
download1053122425102485703.uue
movie28.pif
password.pif
ref-394755.pif
screen_doc.pif
screen_temp.pif
Palyh can be identified and removed from infected machines with virus protection software updated with the latest virus definition files.
