New worm masquerades as a warning from Microsoft
September 3, 2001
Antivirus vendor Central Command says it has discovered a new worm that masquerades as a warning from Microsoft Technical Support. The worm, dubbed Win32.Invalid.A@mm, mass-mails itself to users and, once launched from an attachment, encrypts executable files, making them unusable.
The worm falsely claims to come from "Microsoft Support - support@microsoft.com" and can infect computers running Windows, Windows NT, and Windows 2000. The body of the message tempts users to run a file named "sslpatch.exe" under the premise that the patch fixes a security hole in Internet Explorer (IE).
The worm first verifies that an Internet connection is active. If a connection is established, it searches the My Documents folder for all files with an extension matching '.ht*', extracts the e-mail addresses found in those files, and sends each one a warning message claiming to be from Microsoft Tech Support.
Microsoft has said in the past that users should remember that Microsoft never sends patches via email. Instead, the company's patches are available for download only from its Web site.
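The rule above ("Microsoft never sends patches via email") can be turned into a mail-filter check. The following is an added example, not code from Central Command or Microsoft: it flags any message whose From header claims to be the vendor and that carries an executable attachment. The function names, the extension list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed list of attachment extensions treated as executable.
EXECUTABLE_EXTS = (".exe", ".com", ".scr", ".pif", ".bat")


def executable_attachments_from_vendor(raw, vendor_name="microsoft",
                                       vendor_domain="microsoft.com"):
    """Return executable attachment names if the From header claims the vendor.

    The From header is trivially forged, so this does not authenticate the
    sender; it only detects the claim the lure relies on.
    """
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    claims_vendor = (
        domain == vendor_domain
        or domain.endswith("." + vendor_domain)
        or vendor_name in display.lower()
    )
    if not claims_vendor:
        return []
    names = [part.get_filename() for part in msg.walk() if part.get_filename()]
    return [n for n in names if n.lower().endswith(EXECUTABLE_EXTS)]


def build_sample(sender, filename=None):
    """Build a constructed test message (not a captured sample of the worm)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.com"
    m["Subject"] = "Security patch"  # constructed subject line
    m.set_content("Please install the attached patch.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    lure = build_sample('"Microsoft Support" <support@microsoft.com>', "sslpatch.exe")
    print(executable_attachments_from_vendor(lure))
```

A hit is a reason to quarantine the message, since a legitimate vendor notice would point to a download on the vendor's site rather than attach a binary.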