People are being warned about a new e-mail virus that disguises itself as a message from Microsoft.
Palyh pretends to come from Microsoft
Anti-virus firms have told people to be on the look out for the e-mail worm which pretends to come from firstname.lastname@example.org.
The message comes with a variety of subject lines but the attachment should not be opened because it will infect users with a worm known as Palyh.
Palyh will then copy itself to the Windows folder, and begin sending itself to all e-mail addresses it finds on a computer.
Experts say the virus is now active in at least 69 countries.
Think before clicking
Virus writers are always on the lookout for ways to trip up unsuspecting computer users and disguising a worm as a message from the world's best known software firm is the latest in a line of cunning tricks.
Palyh has been particularly clever because, unlike some of its predecessors, it makes little effort to lure people into opening it.
Microsoft technical support does not send out files in this way, and users should think twice before they click
"It doesn't follow the typical psychology and as it is fairly minimal users could think it is not luring me, it must be ok," said Graham Cluley, Senior Technology Consultant for Sophos.
For people inundated with e-mail, opening attachments can often be second nature after a quick scan of the message raises no suspicions.
"Microsoft technical support does not send out files in this way, and users should think twice before they click," added Mr Cluley.
Blocking at source?
The file comes with a .pif extension, a file name that may be less familiar to users.
"Many users who are wary of .exe and .vbs files which arrive in their e-mail my not realise that .pif files are equally capable of being malicious," said Mr Cluley.
PALYH SUBJECT LINES
Approved (Ref: 38446-263)
Re: My application
Re: My details
Sophos thinks there could be a good case for computer support departments blocking all dangerous files types at the e-mail gateway, preventing users from opening any executable code before it has been scanned by themselves.
The virus is "out there in big numbers" according to experts. E-mail scanning firm MessageLabs first spotted the worm on 17 May and said all the initial copies came from the Netherlands.
BBC News Online's own Technology inbox has received about a dozen copies of Palyh.