Central Command, a leading provider of PC anti-virus software and computer security services, and its partners has announced the discovery of a new Internet worm that pretends to be an e-mail message from Microsoft Corporation`s technical support department.
The new worm, named Win32.Invalid.A@mm, carries a destructive payload that can render executable (.exe) applications unusable by encrypting them with a random encryption key. This mass-mailing worm first verifies that an Internet connection is available and if a connection is established it searches for all files starting with the extension ".ht*" in the My Documents folder. It then extracts the e-mail addresses from within the files and sends the following message:
From: "Microsoft Support" support@microsoft.com
Subject: Invalid SSL Certificate
Body:
Hello,
Microsoft Corporation announced that an invalid SSL certificate that web sites use is required to be installed on the user computer to use the https protocol. During the installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by that allows attackers to get access to your computer. The SSL protocol is used by many companies that require credit card or personal information so, there is a high possibility that you have this certificate installed. To avoid of being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge.
Have a nice day,
Microsoft Corporation
Attachment: sslpatch.exe
"This new worm attempts to use social engineering to again trick users into opening its attached file. Casual Internet users are at most risk for Invalid`s damaging retaliation," said Steven Sundermeier, Product Manager at Central Command, Inc. "At this time, we`ve received one report of this new worm, but Central Command is monitoring this worm`s activity very closely."
A complete description of the worm can be found at http://www.centralcommand.com
AntiVirus eXpert Professional starts at $49.95, and a free 30-day trial version may be downloaded from www.centralcommand.com or obtained by contacting Central Command toll-free at 877-943-8287.
Share
A leader in the anti-virus industry, Central Command, Inc, a privately held company, serves home PC users and industrial, financial, government, education and service firms with virus protection software, services, and information. The company services customers in over 67 countries and is headquartered in Medina, Ohio.
Central Command, EVRT, Emergency Virus Response Team are trademarks of Central Command, Inc. AntiVirus eXpert is a trademark of Softwin SRL, Romania. All other trademarks, trade names, and products referenced herein are property of their respective owners.
Editorial contacts