Internet Worm Disguised as E-Mail from Microsoft

Reuters ^ | 19 May 2003

[Hal1950]

SAN FRANCISCO (Reuters) - A new computer worm that disguises itself as an e-mail from Microsoft Corp. MSFT.O is spreading, computer security firms warned on Monday.

The e-mail containing the worm, dubbed Palyh or Mankx, appears to come from support@microsoft.com, but is not from the software company.

When the attachment is opened, the worm copies itself to the Windows folder, scoops up e-mail addresses from the hard disk and starts sending itself out, said U.K-based Sophos.

The malicious program can spread itself to other Windows machines on a local area network, anti-virus vendors said.

It also can secretly install spyware programs on infected computers that could eavesdrop on the computer user, according to Moscow-based Kaspersky Labs.

The worm is programmed to expire automatically on May 30, according to Symantec Corp.

It began spreading on Saturday and has apparently infected computers in 69 countries, according to MessageLabs.

A Microsoft spokesman said the company never sends out unsolicited mass e-mails with attachments.

[John Beresford Tipton]

It doesn't say whether this is aimed at a susceptibility in Outlook Express. Many of these worms & viruses are designed that way, which is a good reason to use a different email client.

[goldstategop]

If you get what looks like a Microsoft e-mail with an attachment you know its not from them. Redmond updates Windows on its website. I pity the ignorant fools who should know better.

[mbynack]

I got one of these this morning. Our firewall stripped the attachment, though.

[KayEyeDoubleDee]

I also recieved it w/out attachment, then a follow-up from ISP (Time Warner Road Runner) saying they had stripped it.

[MineralMan]

I got this today, and deleted it, as I do all messages supposedly from Microsoft. It's silliness to do anything else.

[asformeandformyhouse]

A new computer worm that disguises itself as an e-mail from Microsoft

If they ever design one that disguises itself as a thread on FreeRepublic, I'm gonna be in deep doodoo.

[KarlInOhio]

Good for me the Redneck Virus had a huge bug in it which kept it from spreading far. When I got it, I deleted all the files on my hard disk, but that wiped out my mailing list so I had no one to forward it to.

[Calpernia]

I have a preference for Pegasus http://www.pmail.com/

[rs79bm]

They're all designed for Microsoft OE. 60 to 90% of all home users us Outlook Express, which is fast, convenient, and comes with just about every Windows-based computer you buy today.

[tarawa]

looks like it is trying to come through as a .pif file

[Merovingian]

I got it today, immediately knew it was bogus..
ALSO got this... supposedly from PAYPAL:

PayPal
Please verify your information today!
Dear Paypal Member.

Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your paypal account and to ensure a safe Paypal experience. We require all flagged accounts to verify their information on file with us. To verify your information, click here and enter the details requested. After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account.

Thank you for using PayPal!
Please do not reply to this e-mail. Mail sent to this address cannot be answered.

THIS is NOT from Paypal, if you get it, call them.

[Seeking the truth]

Yep, its a .pif file. Just got it through my www.0cents.com site. Probably some Bush Hater sent it as my site is getting bombarded with requests for the "Character Counts" image!

My McAfee Virus scan stopped it.

[governsleastgovernsbest]

I used to receive that type of fraudulent email all the time when I was an AOL subscriber.

I have found that these frauds inevitably give themselves away through the use of poor grammar, spelling errors, or unusual syntax.

In the message you received, nothing leaps out. However, I would suggest that a large corporation such as Paypal would not use a term like "flagged" in corresponding with a mass audience.

Similarly, I think it is very unlikely they would write that the account "shall" be returned to good standing.

Unfortunately , I'm sure these frauds manage to dupe a number of people.

[MizSterious]

Oh, you got that one too? Mine came last week. It looked really legit, but I knew Paypal doesn't handle business that way, so I'm sure I was a disappointment to the scammers.

[TaxRelief]

And I just received this email:

Dear Ebay Customer,

This email is to inform you of a recent update we made to our systems, To avoid service Interruption we require that you confirm your account as soon as possible.

Please take a moment to confirm your account by going to the following address:

"http://www.ebay.com@itransaction-system.com"

Follow these steps:

1: Log in by clicking the link given above.
2: Verify who you are.
3: Your account will then be updated, you may continue using Ebay services with out any interruptions.

*** Please note: If you FAIL to update your account, it will be temporarily disabled.

We apologize for any inconvenience this may cause. The Ebay team is working hard to bring you the best services on the web.

Thank you for your business.

The Ebay Staff.

[3D-JOY]

HI there friend!

I saw your name and remembered the new stickers...Did you get my yellow envelope and order?

How is everything going?

[Seeking the truth]

Got it and its already on its way back atcha! Thanks!

[3D-JOY]

Good. Sometimes I forget to do what I planned.

Senior moments!!