New Internet Worm Masquerades as MS Tech Support Email This puppy looks like an e-mail from MS Technical Support. The new worm named Win32.Invalid.A@mm totes around a nasty payload that renders .exe's unusable by encrypting them with a random key. This thing will not hurt you if you stop .exe's from proliferating and most of you do. But this one is interesting... The worm first verifies that an Internet connection is available and if a connection is established it searches for all files starting with the extension ".ht*" in the My Documents folder. It then extracts the e-mail addresses from within the files and sends the following message that starts like this: From: "Microsoft Support" support@xxxxxxxxxxxxx Subject: Invalid SSL Certificate Body: Hello, Microsoft Corporation announced that an invalid SSL certificate that web sites use is required to be installed on the user computer to use the https protocol. During the installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by that (SNIP) Attachment: sslpatch.exe This new worm attempts to use social engineering to again trick users into opening its attached file. Casual Internet users are at most risk for Invalid's damaging retaliation," said Steven Sundermeier, Product Manager at Central Command, Inc. "At this time, we've received one report of this new worm, but Central Command is monitoring this worms activity very closely." Pamela _____________________________________________________________ Global Virtual Desktop http://www.magicaldesk.com UNSUBSCRIBE by sending email to triadtechtalk-request@xxxxxxxxxxxxx with unsubscribe in the Subject field. To VIEW/CHANGE your subscription status go to //www.freelists.org/webpage/triadtechtalk