E-mail Worm Masquerades as Microsoft Support Message
- By Scott Bekker
- August 30, 2001
An antivirus vendor Thursday warned of a worm that spreads itself by masquerading as a technical support e-mail from Microsoft Corp.
Only one report of the worm had arrived at Central Command Inc., a PC antivirus software and computer security services firm.
"But [we're] monitoring this worm's activity very closely," Steven Sundermeier, product manager at Central Command, said in a statement.
Users receiving the new worm, called Win32.Invalid.A@mm, see a legitimate-looking From line: "Microsoft Support" email@example.com. The subject line reads, "Invalid SSL Certificate."
The message describes a problem with an SSL certificate and advises users to install an attachment called, sslpatch.exe.
The result is a destructive payload that can break executable files by encrypting them with a random encryption key. It is a mass-mailing worm.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.