Internet worm disguised as e-mail from Microsoft

[InfoSec News <isn () c4i org>]

Forwarded from: "eric wolbrom, CISSP" <eric () shtech net>

http://finance.lycos.com/home/news/story.asp?story=34253416

SAN FRANCISCO, May 19 (Reuters) - A new computer worm that disguises
itself as an e-mail from Microsoft Corp. is spreading, computer
security firms warned on Monday.

The e-mail containing the worm, dubbed Palyh or Mankx, appears to come
from support () microsoft com, but is not from the software company.

When the attachment is opened, the worm copies itself to the Windows
folder, scoops up e-mail addresses from the hard disk and starts
sending itself out, said U.K-based Sophos.

The malicious program can spread itself to other Windows machines on a
local area network, anti-virus vendors said.

It also can secretly install spyware programs, according to
Moscow-based Kaspersky Labs in a news release.

However, Christ Belthoff, a senior product manager at Sophos, said his
firm has found no evidence that it installs spyware, or a program that
eavesdrops on computer users.

"This is not a widespread outbreak," he added.

The worm is programmed to expire automatically on May 30, according to
Symantec Corp.

It began spreading on Saturday and has apparently infected computers
in 69 countries, according to MessageLabs.

A Microsoft spokesman said the company never sends out unsolicited
mass e-mails with attachments.

 
_______________________________________________________________________
eric wolbrom, CISSP                     Safe Harbor Technologies
President & CIO                         190 Goldens Bridge Ct.
Voice 914.767.9090 ext. 6000            Katonah, NY 10536
Fax   914.767.3911                              http://www.shtech.net
_______________________________________________________________________



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.