Palyh

Virus name:   Palyh.

Status:   Real.

Example:   [Collected on the Internet, 2003]

DO NOT OPEN ANY EMAIL FROM SUPPORT@MICROSOFT.COM
IF YOU RECEIVE ONE, DELETE IT WITHOUT OPENING

A new computer worm that disguises itself as an e-mail from Microsoft Corp. is spreading, computer security firms warned on Monday. The e-mail containing the worm, dubbed Palyh or Mankx, appears to come from support@microsoft.com, but is not from the software company. When the attachment is opened, the worm copies itself to the Windows folder, scoops up e-mail addresses from the hard disk and starts sending itself out.

Origins:   Palyh (also known as Mankx) is a mass-mailing worm that hit the Internet in May 2003 and propagates by mailing itself to e-mail addresses harvested from infected machines. It lures recipients into opening infected messages by sending itself out under a forged <support@microsoft.com> return address. The subject of an infected message can be any of the following:
  • Re: Approved (Ref: 3394-65467)
  • Re: Approved (Ref: 38446-263)
  • Cool screensaver
  • Re: Movie
  • Re: My application
  • Re: My details
  • Screensaver
  • Your details
  • Your password
The triggering attachment can be any of the following filenames:
  • _approved.pif
  • application.pif
  • approved.pif
  • doc_details.pif
  • download1053122425102485703.uue
  • movie28.pif
  • password.pif
  • ref-394755.pif
  • screen_doc.pif
  • screen_temp.pif
Palyh can be identified and removed from infected machines with virus protection software updated with the latest virus definition files.
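
The sender, subject and attachment lists above can be turned into a simple mail-filter check. The following is an added example, not part of the original article or of any vendor's tooling; the function names and the quarantine rule (a listed attachment plus a matching sender or subject) are assumptions, and the sample message is constructed.

```python
import email
from email import policy
from email.utils import parseaddr

# Indicators copied from the lists on this page, lower-cased for comparison.
PALYH_SENDER = "support@microsoft.com"
PALYH_SUBJECTS = {
    "re: approved (ref: 3394-65467)", "re: approved (ref: 38446-263)",
    "cool screensaver", "re: movie", "re: my application", "re: my details",
    "screensaver", "your details", "your password",
}
PALYH_ATTACHMENTS = {
    "_approved.pif", "application.pif", "approved.pif", "doc_details.pif",
    "download1053122425102485703.uue", "movie28.pif", "password.pif",
    "ref-394755.pif", "screen_doc.pif", "screen_temp.pif",
}

def palyh_indicators(raw_message: bytes) -> list[str]:
    """Return the page's Palyh indicators found in one raw e-mail message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # The worm forges From, so this matches the claimed sender, not the origin.
    if parseaddr(str(msg.get("From", "")))[1].lower() == PALYH_SENDER:
        hits.append("sender")
    if str(msg.get("Subject", "")).strip().lower() in PALYH_SUBJECTS:
        hits.append("subject")
    for part in msg.walk():  # visit every MIME part, including nested ones
        name = (part.get_filename() or "").strip().lower()
        if name in PALYH_ATTACHMENTS:
            hits.append("attachment:" + name)
    return hits

def is_likely_palyh(raw_message: bytes) -> bool:
    """Quarantine rule (assumption): listed attachment plus sender or subject."""
    hits = palyh_indicators(raw_message)
    has_attachment = any(h.startswith("attachment:") for h in hits)
    return has_attachment and ("sender" in hits or "subject" in hits)

# Constructed sample message (not a captured one); the attachment is inert text.
SAMPLE = b"\r\n".join([
    b"From: support@microsoft.com", b"To: user@example.org",
    b"Subject: Your password", b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"", b"--b1", b"Content-Type: text/plain", b"",
    b"constructed body text", b"--b1",
    b'Content-Disposition: attachment; filename="password.pif"',
    b"", b"inert placeholder", b"--b1--", b"",
])
```

Requiring an attachment match keeps a message that merely shares a common subject such as "Screensaver" from being quarantined on its own.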

Additional Information:
W32/Palyh@MM   (McAfee)
Last updated:   29 January 2008

Urban Legends Reference Pages © 1995-2014 by Barbara and David P. Mikkelson.