source: http://www.cert.org/current/current_activity.html#mankxWin32/Mankx Worm
added May 19 | updated May 30
The CERT/CC has received reports of a mass-emailing worm known as "Win32/Mankx" or "Win32/Palyh". It arrives as an attachment with a .pif extension in an email message spoofed to appear as though it was from "firstname.lastname@example.org". Upon opening the attachment, the worm attempts to mail itself to all e-mail addresses it finds in files with a .wab, .dbx, .htm, .html, .eml, or .txt file extension.
The worm also attempts to propogate by copying itself to the following folders on other machines that is has access to:
Windows\All Users\Start Menu\Programs\StartUp
Documents and Settings\All Users\Start Menu\Programs\Startup
The CERT/CC strongly encourages users to install anti-virus software, and keep its virus information files up-to-date.
Users may also wish to consider filtering email attachments with the extensions listed above.