[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Some Jerk.. NOW VIRUS WARNING - NZC



Below is one of many news articles you can find on this latest virus
hitting the internet.
E-mail that I have seen make it through to my inbox have attachments
that have .pif as the file extension.
DO NOT OPEN THAT FILE

Cheers,
Mike
- ----------
This from www.silicon.com/news/500013/1/4218.html

Virus warning: Beware email from support@xxxxxxxxxxxxx
It's not what it appears...

Computer users are being warned about a new worm doing the rounds which
arrives in an email purporting to be from support@xxxxxxxxxxxxxx

Major anti-virus vendors have already issued highest-priority warnings
for the self-replicating worm, called Palyh, which is spreading via
global email and around local area networks.

Travelling under the guise of a message from Microsoft's technical team
the virus is engineered to trick users into activating it by clicking on

an attachment. And it appears to be working - infections have already
been recorded in several countries worldwide according to security firm
Kaspersky Labs.

Once activated the Palyh worm copies itself into the Windows directory
under the name "MSCCN32.EXE" and registers this file in the system
registry's auto-run key so that it is placed into system memory and
automatically launched upon operating system start-up.

In keeping with other self-replicating worms Palyh then scans for email
addresses to forward itself onto. It searches for files with the
extensions txt, eml, html, htm, dbx, wab and selects lines from them
that it believes to be email addresses. Then Palyh will use the SMTP
server to send out copies of itself to all email addresses found on the
infected machine.

All infected email messages sent out by the worm contain the falsified
address support@xxxxxxxxxxxxx, though they contain various subject
lines, body texts and attached file names.