New computer worm disguises itself as an e-mail from Microsoft

March 8, 2008 – 2:13 PM

Antivirus vendors have warned about a new computer worm which pretends to have been sent by Microsoft technical support.

The e-mail containing the worm, dubbed Palyh (pronounced Pale-H) or Mankx, appears to come from [email protected], but is not from the software company. It contains a file which, upon execution, copies itself to the Windows folder, scoops up e-mail addresses from the hard disk and starts sending itself out. Palyh also spreads to other Windows machines on a local area network (LAN).

Though the file appears to have a .pi or .pif extension, it is an .exe file which is automatically run by Windows as soon as the recipient double-clicks on it.
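A mail gateway can catch this kind of extension disguise by inspecting the attachment's bytes rather than trusting its name. The following is an added example, not part of the original article: it flags attachments that carry a Windows PE header whatever they are called, and the sample message, addresses and file names in it are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click; ".pi" is the truncated form the article mentions.
RISKY_EXTS = {".pif", ".pi", ".exe", ".scr", ".com"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"

def scan_message(raw: bytes) -> list:
    """Return (filename, reason) for each attachment a gateway should quarantine."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        ext = name[name.rfind("."):].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if is_pe(payload):
            # Content wins over the name: a PE file is a program whatever it is called.
            findings.append((name, f"PE executable named {ext or '(no extension)'}"))
        elif ext in RISKY_EXTS:
            findings.append((name, "executable-type extension"))
    return findings

def build_sample() -> bytes:
    """Constructed test message: a minimal PE stub named .pi, a non-PE .pif, a text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    stub = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="document.pi")
    msg.add_attachment(b"not a program", maintype="application",
                       subtype="octet-stream", filename="readme.pif")
    msg.add_attachment("plain text", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```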

The malicious program can automatically update itself from a remote web server and install spyware on infected machines.

Spyware is any software used to obtain personal information about a user or his or her computer without informing the user or asking permission. Spyware uses an Internet connection to receive data about Web browsing habits or even passwords and credit card details.

Palyh is also time-locked to expire automatically after 31 May. Most likely this trigger was built into the program because the server from which it downloads its updates will be closed in the near future.

The worm appears to originate from the Netherlands, but more than 60 percent of e-mails containing it originated from the United Kingdom. It began spreading on Saturday and has apparently infected computers in 75 countries.

A Microsoft spokesman said the company never sends out unsolicited mass e-mails with attachments.
