ZDNet UK



Fake Microsoft email spreads new worm

Patrick Gray ZDNet Australia

Published: 19 May 2003 09:04 BST


A new mass-mailing worm has begun spreading through Australia, and despite its lack of social smarts, is still managing to replicate rapidly.

The Palyh, or Mankx worm, appears to come from support@microsoft.com, a forged address. The message body is invariably: "All information is in the attached file". Users should not open the attachment.

Symantec has upgraded the threat rating of the worm to 3/5 due to the large number of samples the company has received.

The payload is a PIF, or program information file. Upon execution, it self-propagates using email addresses from files stored on the targeted system.

According to Jamie Gillespie, security analyst with AusCERT, the virus is a traditional mass-mailer.

"It appears to be using the address book as a single source at least", he said.

Anti-virus vendors have released signatures that can be used to detect this latest threat. The fact the worm wasn't "detectable" this morning could have contributed to its rapid propagation.

"Currently there is no public information regarding this virus," Gillespie told ZDNet Australia this morning, before the worm was identified and analysed. "Anti-virus software is only as good as the signatures [so] 'zero-day' viruses can propagate quite quickly".

An element of reverse psychology could be at work, according to Computer Associates' security consultant Daniel Zatz. The fact that the email contains little information and doesn't pressure the recipient into opening the attachment could be a reason that people are in fact opening it, he told ZDNet Australia.

"Maybe the curiosity aspect of saying absolutely nothing is perhaps a better lure," he said.

Most large organisations should be protected because they block the .pif file extension, a practice advocated by Zatz, but small to medium enterprises will probably be impacted.

