Previous by Date | Next by Date | Date Index
Previous by Thread | Next by Thread
| Thread Index
| LM_NET
Archive
| |
Dear LM_NET Colleagues, Here is a real virus alert that I received yesterday afternoon. I I have already received five or six messages with this virus. ------------ A quick alert to inform you of e-mails that 'appear' to arrive from support@microsoft.com (A legitimate e-mail address, but DO NOT OPEN an attachment from that address ending in either .pif or .pi. This e-mail, which started arriving in mailboxes in the last 48 ours contains a damaging Worm: W32/Palyh@MM (DO NOT OPEN !) You may want to pass this information along to your MIS or IT or other computer technical staff, as well as staffers within your Stations. TDGA has confirmed this is not a hoax and advises updating your anti-virus software with the very latest versions. Above all-- DO NOT OPEN THE ATTACHMENT. The Bulletin below is from Microsoft, should you need added information. TDGA-Traffic Directors Guild of America E-Mail: tdga@earthlink.net Website: www.tdga.org E-Fax: (509) 471-5765 SEVERITY: MODERATE DATE: May 19, 2003 PRODUCTS AFFECTED: Microsoft Outlook, Microsoft Outlook Express, and Web-based e-mail ********************************************************************** WHAT IS IT? W32/Palyh@MM is a worm that spreads via e-mail and network shares. The Microsoft Product Support Services Security Team is issuing this alert to advise customers to be on the alert for this virus as it spreads in the wild. Customers are advised to review the information and take the appropriate action for their environments. IMPACT OF ATTACK: Mass-mailing TECHNICAL DETAILS: W32/Palyh@MM spreads via e-mail and network shares. This worm spoofs the address support@microsoft.com. While support@microsoft.com is a valid e-mail address Microsoft does not send unsolicited e-mail containing attachments to our customers. Information on Microsoft's official response to all virii of this nature can be found here: http://www.microsoft.com/technet/security/news/patch_hoax.asp E-mail Message Characteristics: From: support@microsoft.com Subject: Message Body: All information is in the attached file. Attachment Type: .pif (Note: the attachment extension may be truncated to .pi in some instances) The worm also spreads using network shares For additional details on this worm from anti-virus software vendors participating in the Microsoft Virus Information Alliance (VIA) please visit the following links: Network Associates: http://vil.nai.com/vil/content/v_100307.htm Trend Micro: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PAL YH.A For more information on Microsoft's Virus Information Alliance please visit this link: http://www.microsoft.com/technet/security/virus/via.asp =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=- All LM_NET postings are protected by copyright law. To change your LM_NET status, e-mail to: listserv@listserv.syr.edu In the message write EITHER: 1) SIGNOFF LM_NET 2) SET LM_NET NOMAIL 3) SET LM_NET MAIL 4) SET LM_NET DIGEST * Allow for confirmation. LM_NET Help & Information: http://ericir.syr.edu/lm_net/ Archive: http://askeric.org/Virtual/Listserv_Archives/LM_NET.shtml LM_NET Select/EL-Announce: http://www.cuenet.com/archive/el-announce/ LM_NET Supporters: http://ericir.syr.edu/lm_net/ven.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-