[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Monday, 19 May, 2003, 12:13 GMT 13:13 UK
Virus mimics Microsoft e-mail
Bill Gates at a Microsoft event
Palyh pretends to come from Microsoft
People are being warned about a new e-mail virus that disguises itself as a message from Microsoft.

Anti-virus firms have told people to be on the look out for the e-mail worm which pretends to come from support@microsoft.com.

The message comes with a variety of subject lines but the attachment should not be opened because it will infect users with a worm known as Palyh.

Palyh will then copy itself to the Windows folder, and begin sending itself to all e-mail addresses it finds on a computer.

Experts say the virus is now active in at least 69 countries.

Think before clicking

Virus writers are always on the lookout for ways to trip up unsuspecting computer users and disguising a worm as a message from the world's best known software firm is the latest in a line of cunning tricks.

Microsoft technical support does not send out files in this way, and users should think twice before they click
Graham Cluley, Sophos
Palyh has been particularly clever because, unlike some of its predecessors, it makes little effort to lure people into opening it.

"It doesn't follow the typical psychology and as it is fairly minimal users could think it is not luring me, it must be ok," said Graham Cluley, Senior Technology Consultant for Sophos.

For people inundated with e-mail, opening attachments can often be second nature after a quick scan of the message raises no suspicions.

"Microsoft technical support does not send out files in this way, and users should think twice before they click," added Mr Cluley.

Blocking at source?

The file comes with a .pif extension, a file name that may be less familiar to users.

PALYH SUBJECT LINES
Approved (Ref: 38446-263)
Re: Movie
Re: My application
Screensaver
Your details
Re: My details
Your password
"Many users who are wary of .exe and .vbs files which arrive in their e-mail my not realise that .pif files are equally capable of being malicious," said Mr Cluley.

Sophos thinks there could be a good case for computer support departments blocking all dangerous files types at the e-mail gateway, preventing users from opening any executable code before it has been scanned by themselves.

The virus is "out there in big numbers" according to experts. E-mail scanning firm MessageLabs first spotted the worm on 17 May and said all the initial copies came from the Netherlands.

BBC News Online's own Technology inbox has received about a dozen copies of Palyh.




SEE ALSO:
Sneaky virus spreading rapidly
12 May 03  |  Technology
E-mail virus exploits Sars fears
24 Apr 03  |  Technology
How digital Armageddon was averted
31 Jan 03  |  Technology
E-mail virus exploits war interest
20 Mar 03  |  Technology
Net recovers from cyber attack
27 Jan 03  |  Technology
Sneaky year for computer viruses
26 Dec 02  |  Technology


RELATED BBCi LINKS:

RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific