Previous by DateNext by Date Date Index
Previous by ThreadNext by Thread Thread Index
LM_NET Archive



Dear LM_NET Colleagues,

Here is a real virus alert that I received yesterday afternoon. I I have
already received five or six messages with this virus.

------------ A quick alert to inform you of e-mails that 'appear' to
arrive from support@microsoft.com (A legitimate e-mail address, but DO NOT
OPEN an attachment from that address ending in either .pif or .pi.


This e-mail, which started arriving in mailboxes in the last 48 ours
contains a damaging Worm: W32/Palyh@MM (DO NOT OPEN !)


You may want to pass this information along to your MIS or IT or other
computer technical staff, as well as staffers within your Stations. TDGA
has confirmed this is not a hoax and advises updating your anti-virus
software with the very latest versions. Above all-- DO NOT OPEN THE
ATTACHMENT.


The Bulletin below is from Microsoft, should you need added information.


TDGA-Traffic Directors Guild of America
E-Mail: tdga@earthlink.net
Website: www.tdga.org
E-Fax: (509) 471-5765
SEVERITY: MODERATE
DATE: May 19, 2003
PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and
Web-based e-mail
**********************************************************************
WHAT IS IT?
W32/Palyh@MM is a worm that spreads via e-mail and network shares. The
Microsoft Product Support Services Security Team is issuing this alert
to advise customers to be on the alert for this virus as it spreads in
the wild. Customers are advised to review the information and take the
appropriate action for their environments.
IMPACT OF ATTACK:
Mass-mailing
TECHNICAL DETAILS:
W32/Palyh@MM spreads via e-mail and network shares. This worm spoofs the
address support@microsoft.com. While support@microsoft.com is a valid
e-mail address Microsoft does not send unsolicited e-mail containing
attachments to our customers. Information on Microsoft's official
response to all virii of this nature can be found here:
http://www.microsoft.com/technet/security/news/patch_hoax.asp
E-mail Message Characteristics:
From: support@microsoft.com
Subject:
Message Body:
All information is in the attached file.
Attachment Type: .pif (Note: the attachment extension may be truncated
to .pi in some instances)
The worm also spreads using network shares
For additional details on this worm from anti-virus software vendors
participating in the Microsoft Virus Information Alliance (VIA) please
visit the following links:
Network Associates:
http://vil.nai.com/vil/content/v_100307.htm
Trend Micro:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PAL
YH.A
For more information on Microsoft's Virus Information Alliance please
visit this link: http://www.microsoft.com/technet/security/virus/via.asp

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-
All LM_NET postings are protected by copyright law.
To change your LM_NET status, e-mail to: listserv@listserv.syr.edu
In the message write EITHER: 1) SIGNOFF LM_NET  2) SET LM_NET NOMAIL
3) SET LM_NET MAIL  4) SET LM_NET DIGEST  * Allow for confirmation.
LM_NET Help & Information: http://ericir.syr.edu/lm_net/
Archive: http://askeric.org/Virtual/Listserv_Archives/LM_NET.shtml
LM_NET Select/EL-Announce: http://www.cuenet.com/archive/el-announce/
LM_NET Supporters: http://ericir.syr.edu/lm_net/ven.html
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-

LM_NET Mailing List Home