The worm, named Palyh (pronounced Pale-h) is a basic worm which copies itself in to the Windows system memory as MSCCN32.EXE and spreads through mailing itself out to a host’s contacts and via corporate networks.
The worm has the ability to update itself from a remote web server automatically and install spyware on infected PCs but is also time locked to become inactive after 31 May.
‘We’ve had a lot of reports worldwide,’ said Graham Cluley, consultant at Sophos.
‘It showed up around midnight and seemed to hit Australian and New Zealand hardest due to the timing of release. There’s a danger to home users who might not be blocking attachments and for companies who only scan emails and don’t monitor network shares.’
The worm scans for TXT, EML, HTML, HTM, DBX, WAB files and emails itself to any email address it finds, although it also tries to send out a small number of garbled emails due to its poor construction. All emails purport to come from come from firstname.lastname@example.org and contain an EXE file that looks like a PIF or PI file.
‘There’s an awful lot of it about in the UK this morning,’ said Jack Clark of Network Associates.
‘That being said it looks like a similar low level threat like last week’s Fizzer worm. We’ve got our DAT files out already and it shouldn’t be a problem for anyone with a sensible policy on virus updates.’
Barclays has partnered with accounting software company Xero to provide businesses with access to transaction data through its direct feed.
Government's estimate of a £400m admin saving from Making Tax Digital is way off - and is instead a huge cost burden, warns Lamont Pridmore chief executive Graham Lamont
Xero unveiled its expanded global partner programme at Xerocon South, the accounting technology conference in Australasia
Accountancy software firm Sage has been hit by a data breach which may have compromised the personal details and bank account details of as many as 300 UK businesses