Yeah, apparently a few in our company (1500 users) got this one today.

From what I've read, it will only infect if the attachment is opened and it always comes from support@microsoft - most of the major AV companies have already released a definition update, so strongly advise all with AV to go fetch their latest definition files. Those without AV, go get AV... :)

2odd...

yep heaps...

Mailwasher catches them nicely.

All to virtual email address aliases on websites.

From what I've read, it will only infect if the attachment is opened...

Well, that's good news, because I was dumb enough to download the email from my server (Microsoft support contacting me... hah!), but smart enough not to open the attachment.

However, a virus scan did report a virus, and then I got some sort of error message when I tried to print the scan report... and then I scanned again... and there went my evening.

Today's Norton AV definitions report the virus as W32.HLLW.Mankx@mm, but on the NAV website they report that it's been renamed as W32.Sobig.B@mm [symantec.com]. There's a removal tool and removal instructions available.

Thanks all.

Will have to take a look at mailwasher.

I also opened the email yesterday before the NAV Def's had been updated but thankfully did not open the attachment.

Just goes to show how easy it would be to really create some havoc.

received it 10 min ago, thanks Visit_Thailand and WW for this thread.

Leo

It's the "W32/Palyh-A" (alias "W32.HLLW.Mankx@mm") virus, using random subjects and attachment names. It shouldn't be harmful unless the attachment is opened. Although the email subject varies, the content of the email will be simply 'All information is in the attached file.'

It made the BBC news website yesterday and Silicon.com today, so I figured it would already be widely known.

my system once was infected with w32/klez. this nasty thing
reproduced itself so fast that while cleaning one partition the
others were infected again. it took me 7 or 8 scans of my
primary partition until i could get rid of it.

I have received about 20 of these a day for the last week.
Sort of clever, the support@micro$oft.com, but with silly subject lines ala` "Cool Screensaver" who would open it?

Now, if in a alternate universe, I was an evil script kiddy, I would use subject lines such as "Major Security Flaw Patch" or "Outlook XP Security Issue". mmm, maybe I should not give out any ideas.....

"Major Security Flaw Patch" or "Outlook XP Security Issue"

Even ten I wouldn't open it. Who the h*ll gave microsoft my email? noone so I won't open it ;)

leo

>>Even ten I wouldn't open it. Who the h*ll gave microsoft my email? noone so I won't open it ;)

LOL - how many people actually have registered MS products anyway?

AV products are for the weak/stupid.

>>AV products are for the weak/stupid.

Thanks for taking the time to add your enlightening comments senior_mcinvale. Where would we be without members like you?

I'm sure the many 1000s of weak and stupid webmasterworld members who benefit from anti-virus are really glad you offered your opinion.

yes, began to get these yesterday. Mailwasher works wonders.

<<<<<AV products are for the weak/stupid.>>>>>

Wow, so logically anti-biotics and vaccines are for the weak and stoopid as well.

Boy, throughs western civilization into a spiral doesn't it.

>>"Major Security Flaw Patch" or "Outlook XP Security Issue".

Actually, that was last year's scam......

Just toss 'em out and keep your Av up to scratch.....

I don't think I'm weak and I'm certainly not that stupid..... LOL

Wow, so logically anti-biotics and vaccines are for the weak and stoopid as well.

Yes, because if you were strong and smart you'd be naturally immune to everything (and you'd use a Mac, so your computer would be too... lol).

But since most humans are weak and stupid, it's better to be weak, stupid and well protected, so let's hear it for A/V products and penicillin! :)

As for the microsoft emails, I've gotten a couple dozen of them this week... but since I don't have any MS products registered with that email address, I (weakly and stupidly) assumed it must be a virus.

So what's the big rhubarb about AltaVista anyway.

lawman

heh, if you dont run an M$ mail client and you know how your computer works you will never get infected.

i make everyone at work run AV because [they] open up executable files.

hooray for [these] people giving me job security!

[edited by: lawman at 8:48 pm (utc) on May 20, 2003]
[edit reason] Sociability [/edit]

"Wow, so logically anti-biotics and vaccines are for the weak and stoopid as well."

no, that is a bad analogy. you can not prevent diseases by simply learning about them, you can however prevent computer diseases (viruses) by learning how computers & virii work.

I must be weak and stupid, i use av software on linux, M$, Netware, etc. More a precaution, pretty similar to having a firewall i would say.

Then again in my weak and stupid nature, i don't understand the complexities of polymorphic worm virii, though i can get me head a round a buffer over-run attack - all very confusing stuff. I need to take a break and work out how to use my Audio Visual equipment now, the torment of hours figuring how to press the on button.

I would love to be Strong and Intelligent though, so i can call people weak and stupid, without any real understanding of who they may be.