Virus warning: Beware email from support@microsoft.com

It's not what it appears...

Computer users are being warned about a new worm doing the rounds which arrives in an email purporting to be from support@microsoft.com. Major anti-virus vendors have already issued highest-priority warnings for the self-replicating worm, called Palyh, which is spreading via global email and around local area networks. Travelling under the guise of a message from Microsoft's technical team the virus is engineered to trick users into activating it by clicking on an attachment. And it appears to be working - infections have already been recorded in several countries worldwide according to security firm Kaspersky Labs. Once activated the Palyh worm copies itself into the Windows directory under the name "MSCCN32.EXE" and registers this file in the system registry's auto-run key so that it is placed into system memory and automatically launched upon operating system start-up. In keeping with other self-replicating worms Palyh then scans for email addresses to forward itself onto. It searches for files with the extensions txt, eml, html, htm, dbx, wab and selects lines from them that it believes to be email addresses. Then Palyh will use the SMTP server to send out copies of itself to all email addresses found on the infected machine. All infected email messages sent out by the worm contain the falsified address support@microsoft.com, though they contain various subject lines, body texts and attached file names.