Another FAKE Microsoft Technical Bulletin carrying a mass mailing worm is loos
The mass-mailing worm, dubbed Win32.Invalid.A@mm, pretends to come from Microsoft's technical support department, but actually carries a destructive payload that can make executable (.exe) applications unusable by encrypting them with a random encryption key, Central Command said.
"This new worm attempts to use social engineering to again trick users into opening its attached file," said Steven Sundermeier, product manager at Central Command, in a statement. The Medina-based company said it has received only one report of the worm but ranks it as a medium risk. "It does contain a malicious payload and has potential to spread," Sundermeier said.
New Worm Masquerades As Microsoft Message
By Marcia Savage, CRN
The worm comes as an e-mail from Microsoft Support with the message "Invalid SSL Certificate" in the message line. The body of the message says the invalid SSL (Secure Sockets Layer) certificate causes a buffer overrun in Internet Explorer that can allow attackers to access the user's computer. It urges the user to download an attached patch to avoid being attacked.
According to Central Command, when activated, the worm first verifies that an Internet connection is available. Once the connection is established, it searches the My Documents folder for all files whose extension starts with .ht, then sends itself to the e-mail addresses it extracts from those files.
The fake message that pretends to come from Microsoft says:
From: "Microsoft Support" support@microsoft.com
Subject: Invalid SSL Certificate
Hello,
Microsoft Corporation announced that an invalid
SSL certificate that web sites use is required to be
installed on the user computer to use the https
protocol. During the installation, the certificate
causes a buffer overrun in Microsoft Internet
Explorer and by that allows attackers to get
access to your computer. The SSL protocol is
used by many companies that require credit card
or personal information so, there is a high
possibility that you have this certificate installed.
To avoid of being attacked by hackers, please
download and install the attached patch. It is
strongly recommended to install it because almost
all users have this certificate installed without their
knowledge.
Have a nice day,
Microsoft Corporation
Attachment: sslpatch.exe
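
A mail-filter check for the lure quoted above, as an added example that is not part of the original article or any Central Command tooling. The subject and attachment name come from the quoted message; the executable-extension list, the `score_message` and `build_sample` names, and the recipient address are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the message quoted on this page.
LURE_SUBJECT = "invalid ssl certificate"
LURE_ATTACHMENT = "sslpatch.exe"
# Assumption: extensions a filter treats as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")


def score_message(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 822 message resembles this lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender = str(msg.get("From", "")).lower()
    subject = str(msg.get("Subject", "")).strip().lower()
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    # Generic heuristic (assumption): a vendor-branded mail carrying a program.
    if "microsoft" in sender and any(n.endswith(EXECUTABLE_EXTS) for n in names):
        reasons.append("executable attachment on mail claiming to be from Microsoft")
    if subject == LURE_SUBJECT:
        reasons.append("subject matches the quoted lure")
    if LURE_ATTACHMENT in names:
        reasons.append("attachment name matches the quoted lure")
    return reasons


def build_sample(attach: bool) -> bytes:
    """Constructed sample mail; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"] = '"Microsoft Support" <support@microsoft.com>'
    m["To"] = "user@example.com"  # constructed recipient
    m["Subject"] = "Invalid SSL Certificate"
    m.set_content("please download and install the attached patch.")
    if attach:
        m.add_attachment(b"placeholder, not a real binary",
                         maintype="application", subtype="octet-stream",
                         filename="sslpatch.exe")
    return m.as_bytes()


if __name__ == "__main__":
    for reason in score_message(build_sample(attach=True)):
        print("FLAG:", reason)
```

The From header is trivially forged, so the first rule keys on what the message claims to be rather than on where it actually came from.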