Microsoft says recipients of a worm spreading by email and PC networks shouldn’t be fooled into thinking the message originates at the company.
The worm spoofs the sender address firstname.lastname@example.org, but Microsoft New Zealand enterprise and partner group head Terry Allen says the company doesn’t send customers unsolicited emails with attachments.
The worm is known both as W32/Palyh and W32.HLLW.Mankx@mm and arrives as an executable attachment with a variety of subjects and messages. Subject lines include messages such as "Re: My application", "Your password", and "Approved (Ref: 38446-263)". Attachment files containing the new virus have a .PIF file extension.
Clicking the attachment file causes virus code to modify the Windows registry so that the worm program is launched whenever Windows is run. It also searches an infected computer for files containing email addresses that it can mail itself to.
Antivirus software company Symantec says it's had reports of three New Zealand organisations that have succumbed to the virus. The head of the company's Sydney-based security response team, David Banes, says that level of impact is unusual.
"We have to have quite a big outbreak to see reports from New Zealand."
But Banes says the virus' rate of spread appears to have tailed off, which he takes as a sign of widespread use of antivirus software.
Microsoft is a frequent target of virus writers, who often disguise viruses and other attacks as messages or bulletins from Microsoft's technical support organisation.