[triadtechtalk] New worm

  • From: <budge@xxxxxxxxxxxxxxx>
  • To: "triadtechtalk@xxxxxxxxxxxxx" <triadtechtalk@xxxxxxxxxxxxx>
  • Date: Tue, 04 Sep 2001 05:40:56 -0700

New Internet Worm Masquerades as MS Tech Support Email
This puppy looks like an e-mail from MS Technical Support. The new worm named 
Win32.Invalid.A@mm totes around a nasty payload that renders .exe's unusable by 
encrypting them with a random key. This thing will not hurt you if you stop 
.exe's from proliferating and most of you do. But this one is interesting... 

The worm first verifies that an Internet connection is available and if a 
connection is established it searches for all files starting with the extension 
".ht*" in the My Documents folder. It then extracts the e-mail addresses from 
within the files and sends the following message that starts like this: 

From: "Microsoft Support" support@xxxxxxxxxxxxx
Subject: Invalid SSL Certificate

Body:

Hello,
Microsoft Corporation announced that an invalid SSL certificate that web sites 
use is required to be installed on the user computer to use the https protocol. 
During the installation, the certificate causes a buffer overrun in Microsoft 
Internet Explorer and by that
  (SNIP)

  Attachment: sslpatch.exe

"This new worm attempts to use social engineering to again trick users into 
opening its attached file. Casual Internet users are at most risk for Invalid's 
damaging retaliation," said Steven Sundermeier, Product Manager at Central 
Command, Inc. "At this time, we've received one report of this new worm, but 
Central Command is monitoring this worm's activity very closely." 

Pamela
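
The mitigation mentioned in the post (stop .exe attachments before they reach users) as a mail-gateway triage check, paired with a look at the spoofed "Microsoft Support" display name. This is an added example, not part of the original message; the sample message is constructed from the headers quoted above, and the example.invalid domain, the extension list and the function names are assumptions.

```python
import os
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed policy list of executable extensions; tune for your environment.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}

# Constructed sample modelled on the headers quoted in the post.
SAMPLE = """\
From: "Microsoft Support" <support@mail.example.invalid>
Subject: Invalid SSL Certificate
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hello,
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="sslpatch.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def blocked_attachments(msg):
    """Return attachment filenames whose final extension is executable."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        # Trailing dots/spaces are ignored by Windows, so strip them first.
        if name and os.path.splitext(name.rstrip(". "))[1].lower() in BLOCKED_EXT:
            hits.append(name)
    return hits

def triage(raw):
    """Parse a raw message and return (verdict, reasons)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = [f"executable attachment: {n}" for n in blocked_attachments(msg)]
    verdict = "quarantine" if reasons else "deliver"
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    vendor = domain == "microsoft.com" or domain.endswith(".microsoft.com")
    if "microsoft" in display.lower() and not vendor:
        reasons.append(f"display name {display!r} but sender domain {domain!r}")
        verdict = "quarantine" if verdict == "quarantine" else "flag"
    return verdict, reasons
```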

