Palyh Recirculating?

I almost never get worms/viruses/etc. in my e-mail, but recently I got some that had "your_application.zip" attached. I pulled one of the zips to a disk and opened it under Linux and 'lo and behold, there sat a .pif file with the Palyh worm in it. Has anyone else seen a recent spike in the circulation, or did I just happen to get on someone's list who got infected?

Thats weird, normally the worm doesnt zip itself, it just sends itself as the pif file attached to the email.

I've received 2 in the last few days. Both if them contained
'your_details.zip', which contains 'details.pif'. What pisses me off
is the amount of commandline scanners at the servers end DON'T
scan within zip files.

According to McAfee, the old Palyh's have been renamed Sobig -- and I've been getting inundated with them at work since Wednesday...

Palyh is also called Sobig.2, I think.

My virus scan didn't grab it either, but I make it a practice not to open any attachments I received on a non-quarantined machine. As soon as I saw the you_*.zip, I figured it was Sobig, so I just moved it to a Linux box to open and voila - found it.

Just wondered what others were seeing, because if I start getting hit with these things (on the address it's coming into, at least), it usually means they're on the move....

Not sure if this is the case but if sent from MS Outlook and it thinks it's to large or some thing (not sure how it decides) it zips the file and sends it that way.