By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The worm, called Win32.Invalid.A@mm, can infect computers running Windows, Windows NT and Windows 2000.
Central Command rates the virus as medium risk, and said that so far there has been only one report of an infection.
But Ryan Russell, an analyst at business security firm SecurityFocus.com, said the virus does pose a threat. "I think it's just early in the cycle," he said.
According to Central Command's announcement, the new worm carries a destructive payload that renders executable (.exe) applications unusable by encrypting them with a random encryption key.
The worm first verifies that an Internet connection is available and, if a connection is established, searches for all files starting with the extension ".ht*" in the My Documents folder. It then extracts the e-mail addresses from within the files and sends a messaging claiming to be from Microsoft.
Steven Sundermeier, a product manager at Central Command, said: "This new worm attempts to use social engineering to again trick users into opening its attached file. Casual Internet users are at most risk for Invalid's damaging retaliation."
The worm-embedded e-mail has a false "from" field indicating that it comes from email@example.com. It directs the user to download a patch to prevent buffer overruns in Internet Explorer from invalid SSL certificates.
The bogus e-mail says: "The SSL protocol is used by many companies that require credit card or personal information, so there is a high possibility that you have this certificate installed. To avoid being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge."