News

E-mail Worm Masquerades as Microsoft Support Message

An antivirus vendor Thursday warned of a worm that spreads itself by masquerading as a technical support e-mail from Microsoft Corp.

Only one report of the worm had arrived at Central Command Inc., a PC antivirus software and computer security services firm.

"But [we're] monitoring this worm's activity very closely," Steven Sundermeier, product manager at Central Command, said in a statement.

Users receiving the new worm, called Win32.Invalid.A@mm, see a legitimate-looking From line: "Microsoft Support" support@microsoft.com. The subject line reads, "Invalid SSL Certificate."

The message describes a problem with an SSL certificate and advises users to install an attachment called, sslpatch.exe.

The result is a destructive payload that can break executable files by encrypting them with a random encryption key. It is a mass-mailing worm.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.