A second factor that has made Palyh particularly dangerous, is its use of 'social-engineering'. Users who have received the message bearing the virus, have trustingly opened the attached file believing that it was from "support@microsoft.com". For some time now, people have been warned against opening files from unknown or dubious looking sources. But what could be safer than a message apparently sent from "microsoft.com"? Well, things aren't always what they seem.

How long is it since Microsoft have sent messages in anything other than plain text? And with attached files? You guessed it, faking the name of the sender is just another cunning device used by the virus to trick the user.


Any strong security policy cannot ignore the need for user awareness. Even firewalls and content filtering cannot always guarantee total security against the kind of 'social engineering' used by worms like Playh. If security is to be a reality, training users to be aware must be on the agenda of all administrators. This will mitigate, to a large extent, the hidden risks of such apparently innocent e-mails.