RealNews

Spoofing ability gives Palyh worm some legs

The Palyh worm has rapidly spread across the Internet because of a clever trick that allows it to make itself appear to be coming from Microsoft support, experts said this morning. Messages containing the worm appear to come from “support@microsoft.com,” but that address is actually spoofed. Users should be suspicious of such messages because Microsoft doesn’t send executable files via e-mail, said Chris Belthoff, senior product marketing manager at U.K.-based antivirus software vendor Sophos Inc. “As it purported to be from Microsoft, it had a certain amount of pseudo-credibility,” he said. Palyh’s social engineering appears to have worked on some end users. U.K.-based e-mail filtering company MessageLabs intercepted more than 65,000 copies of the worm on Monday. By midmorning EDT Tuesday, the company had stopped about 100,000 copies. At the worm’s peak, MessageLabs was finding a copy of Palyh (or Mankx, as it’s also known) in one out of every 215 messages. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.