Skip to main contentAccess keys help

[an error occurred while processing this directive]
Low graphics|Accessibility help
BBC News
watch One-Minute World News
News Front Page
Africa
Americas
Asia-Pacific
Europe
Middle East
South Asia
UK
Business
Health
Science & Environment
Technology
Entertainment
Also in the news
-----------------
Video and Audio
-----------------
Programmes
Have Your Say
In Pictures
Country Profiles
Special Reports
RELATED BBC SITES
Last Updated: Monday, 19 May, 2003, 12:13 GMT 13:13 UK
Email this to a friend Printable version
Virus mimics Microsoft e-mail
Bill Gates at a Microsoft event
Palyh pretends to come from Microsoft
People are being warned about a new e-mail virus that disguises itself as a message from Microsoft.

Anti-virus firms have told people to be on the look out for the e-mail worm which pretends to come from [email protected].

The message comes with a variety of subject lines but the attachment should not be opened because it will infect users with a worm known as Palyh.

Palyh will then copy itself to the Windows folder, and begin sending itself to all e-mail addresses it finds on a computer.

Experts say the virus is now active in at least 69 countries.

Think before clicking

Virus writers are always on the lookout for ways to trip up unsuspecting computer users and disguising a worm as a message from the world's best known software firm is the latest in a line of cunning tricks.

Microsoft technical support does not send out files in this way, and users should think twice before they click
Graham Cluley, Sophos
Palyh has been particularly clever because, unlike some of its predecessors, it makes little effort to lure people into opening it.

"It doesn't follow the typical psychology and as it is fairly minimal users could think it is not luring me, it must be ok," said Graham Cluley, Senior Technology Consultant for Sophos.

For people inundated with e-mail, opening attachments can often be second nature after a quick scan of the message raises no suspicions.

"Microsoft technical support does not send out files in this way, and users should think twice before they click," added Mr Cluley.

Blocking at source?

The file comes with a .pif extension, a file name that may be less familiar to users.

PALYH SUBJECT LINES
Approved (Ref: 38446-263)
Re: Movie
Re: My application
Screensaver
Your details
Re: My details
Your password
"Many users who are wary of .exe and .vbs files which arrive in their e-mail my not realise that .pif files are equally capable of being malicious," said Mr Cluley.

Sophos thinks there could be a good case for computer support departments blocking all dangerous files types at the e-mail gateway, preventing users from opening any executable code before it has been scanned by themselves.

The virus is "out there in big numbers" according to experts. E-mail scanning firm MessageLabs first spotted the worm on 17 May and said all the initial copies came from the Netherlands.

BBC News Online's own Technology inbox has received about a dozen copies of Palyh.



Email this to a friend Printable version

SEE ALSO:
Sneaky virus spreading rapidly
12 May 03  |  Technology
E-mail virus exploits Sars fears
24 Apr 03  |  Technology
How digital Armageddon was averted
31 Jan 03  |  Technology
E-mail virus exploits war interest
20 Mar 03  |  Technology
Net recovers from cyber attack
27 Jan 03  |  Technology
Sneaky year for computer viruses
26 Dec 02  |  Technology


RELATED BBCi LINKS:
Guide to viruses

RELATED INTERNET LINKS:
Sophos Anti-Virus
MessageLabs
F-Secure
MessageLabsL Palyh virus
The BBC is not responsible for the content of external internet sites

TOP TECHNOLOGY STORIES
US lifts lid on WikiLeaks probe
Bing gains market share in search
'Virtual human' makes Xbox debut

PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
AmericasAfricaEuropeMiddle EastSouth AsiaAsia Pacific