Datamation Logo

New Worm Cloaked in Microsoft Disguise

May 19, 2003
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Beware a new worm in Microsoft clothing.

A new worm is rapidly spreading across the globe, disguised as an email from Microsoft’s technical support department. The worm, known as W32/Palyh or Mankx, is ranked under the highest alert levels because it downloads malicious code from a remote Web site and because it has spread quickly in less than a day, indicating a quick strike seeding in the wild.

The email carries an attachment and a note saying that all information is in the attached file. The attachment is a Windows program with a PIF extension. If users open the attachment, their computers are infected immediately.

The worm copies itself to the Windows folder and uses email addresses stored on the user’s hard disk to send itself back out.

”Many users who are wary of EXE and VBS files which arrive in their email may not realize that PIF files are equally capable of being malicious,” says Graham Cluley, a senior technology consultant for Sophos Anti-Virus. ”Microsoft technical support does not send out files in this way, and users should think twice before they click.”

MessageLabs, an anti-virus vendor, notes that Palyh, which reportedly originated in the Netherlands, was first detected on May 17, and has quickly spread to 69 countries. China, the United States and the United Kingdom seem to be the hardest hit at this point.

Ken Dunham, a senior malicious code intelligence manager at iDefense, Inc., an antivirus company, suggests that administrators temporarily implement filters against PIF, PI, and UUE email attachments until the outbreak is over.

Sophos recommends blocking all Windows programs at the email gateway.

”Best practices for business should include automatic blocking of all executable code at the email gateway,” says Sophos’ Cluley. ”At the very least, all PIF files should be blocked. There should never be any need to distribute genuine PIF files — which are really just a type of shortcut — via email.”

  SEE ALL
ARTICLES
 

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Datamation Logo

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Our Brands


Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.