DO NOT OPEN ANY EMAIL FROM SUPPORT@MICROSOFT.COM
IF YOU RECEIVE ONE, DELETE IT WITHOUT OPENING
A new computer worm that disguises itself as an e-mail from Microsoft Corp. is spreading, computer security firms warned on Monday. The e-mail containing the worm, dubbed Palyh or Mankx, appears to come from email@example.com, but is not from the software company. When the attachment is opened, the worm copies itself to the Windows folder, scoops up e-mail addresses from the hard disk and starts sending itself out.
Origins: Palyh (also known as Mankx) is a mass-mailing worm which hit the Internet in May 2003 and propagates by mailing itself to recipients extracted from e-mail addresses found on infected machines. It lures recipients into opening infected messages by sending itself out under a forged <firstname.lastname@example.org> return address. The subjects of these infected messages can be any of the following:
Re: Approved (Ref: 3394-65467)
Re: Approved (Ref: 38446-263)
I Re: My application v
Re: My details
The triggering attachment can be any of the following filenames:
Palyh can be identified and removed from infected machines with virus protection software updated with the latest virus definition files.