SecurityTracker.com

Category:   Application (E-mail Client)  >   Microsoft Outlook
Vendors:   Microsoft
Microsoft Outlook May Be Affected by W32/Palyh@MM Mass-Mailing Worm
SecurityTracker Alert ID:  1006807
SecurityTracker URL:  http://securitytracker.com/id/1006807
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 21 2003
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes

Description:   Microsoft's PSS Security Response Team issued an Alert regarding a new mass-mailing worm (W32/Palyh@MM). According to the report, Microsoft Outlook is affected [Outlook Express is also affected].

[Editor's note: This is not a vulnerability alert. However, we are issuing an alert because Microsoft has chosen to warn their customers of this.]

The W32/Palyh@MM worm is reported to be a mass-mailing worm that spreads via e-mail and network shares. The worm uses a "from" address of 'support@microsoft.com' but does not actually originate from that address. Instead, it originates from an infected platform.

The worm contains a '.pif' attachment, which may be given a file name so that it appears to be a different type of attachment. When the target user opens the file, the malicious code will execute with the privileges of the target user. On an unprotected system, this will prompt the target user's system to mail the worm out to other e-mail addresses. The worm will mail to addresses found in certain files on the target user's computer.
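
A mail-gateway check for the disguised '.pif' attachment described above, as an added example that is not part of the original alert or of any Microsoft tool. The function names, the sample message and every block-list entry other than '.pif' are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# '.pif' is the type named in the alert; the other entries are an assumed,
# illustrative subset of executable types a gateway would also block.
BLOCKED_EXTENSIONS = {".pif", ".scr", ".exe", ".bat", ".com"}

def split_effective(filename):
    """Return (stem, extension) as Windows would resolve the file name."""
    # Drop any path, then the trailing dots/spaces that Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext) if dot else (name, "")

def scan_message(raw):
    """List attachments whose effective extension is on the block list."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231/2047 encoded names
        if not filename:
            continue
        stem, ext = split_effective(filename)
        if ext in BLOCKED_EXTENSIONS:
            findings.append({
                "from": str(msg["From"]),
                "filename": filename,
                "extension": ext,
                # A second extension in the stem makes the file look benign.
                "disguised": "." in stem,
            })
    return findings

def build_sample():
    """Constructed test message; the attachment bytes are inert."""
    m = EmailMessage()
    m["From"] = "support@microsoft.com"  # spoofed sender named in the alert
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See the attached file.")
    for name in ("report.txt.pif", "notes.txt"):
        m.add_attachment(b"inert sample bytes", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The decision is made on the last extension after trimming, so padding the name with spaces or a trailing dot does not hide the '.pif' type.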

According to Network Associates, the worm is implemented to cease propagation (but not infection) on and after May 31, 2003.

More information is available from Network Associates at:

http://vil.nai.com/vil/content/v_100307.htm

Microsoft has assigned a "moderate" severity rating to this alert.

Impact:   If a target user executes a malicious attachment, the worm's malicious code may be executed. See the Description Section for a list of potential impacts.
Solution:   Microsoft reports that Outlook 2000 post SP2 and Outlook XP SP1 include features to block potentially harmful attachment types. These versions will reportedly block the attachment by default. You can check to see if you are running the latest version by loading the following URL:

http://office.microsoft.com/ProductUpdates/default.aspx

Microsoft also reports that Outlook 2000 pre-SR1 and Outlook 98 do not block potentially malicious attachments by default, but you can get the Outlook E-mail Security Update to add this feature. See the following URL for more information:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

A list of attachment types that can be blocked by Outlook is available at:

http://support.microsoft.com?kbid=290497

See the Microsoft PSS Alert for instructions on how to prevent or mitigate the effects of this type of worm:

http://www.microsoft.com/technet/security/virus/alerts/palyh.asp

Microsoft plans to issue the following Knowledge Base article regarding this worm, to be available shortly at:

http://support.microsoft.com/?kbid=821454

Vendor URL:  www.microsoft.com/technet/security/virus/alerts/palyh.asp
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Microsoft W32/Palyh@MM Worm Alert


http://www.microsoft.com/technet/security/virus/alerts/palyh.asp

Microsoft's PSS Security Response Team issued an Alert regarding a new worm (W32/Palyh@MM) 
that may affect Microsoft Outlook, Microsoft Outlook Express, and Web-based e-mail systems.

Microsoft has assigned a "moderate" severity rating to this alert.

"W32/Palyh@MM is a worm that spreads via e-mail and network shares. The Microsoft Product 
Support Services Security Team is issuing this alert to advise customers to be on the 
alert for this virus as it spreads in the wild. Customers are advised to review the 
information and take the appropriate action for their environments."

The W32/Palyh@MM worm is reported to be a mass-mailing worm that spreads via e-mail and 
network shares.  The worm uses a "from" address of 'support@microsoft.com' but does not 
actually originate from that address.

The worm contains a '.pif' attachment, which may be given a file name so that it appears 
to be a different type of attachment.

See the Microsoft PSS Alert (at the URL listed above) for instructions on how to prevent 
this type of worm.

Microsoft plans to issue the following Knowledge Base article regarding this worm, to be 
available shortly at:

http://support.microsoft.com/?kbid=821454



 
 



Copyright 2021, SecurityGlobal.net LLC