New worm encrypts .exe files

US-based anti-virus vendor Central Command has detected a new worm that mass-mails itself to users, disguised as a warning from Microsoft, and encrypts executable files, rendering them unusable.

The worm, called Win32.Invalid.A@mm, can infect computers running Windows, Windows NT and Windows 2000.

Central Command rates the virus as medium risk, and said that so far there has been only one report of an infection.

But Ryan Russell, an analyst at business security firm SecurityFocus.com, said the virus does pose a threat. "I think it's just early in the cycle," he said.

According to Central Command's announcement, the new worm carries a destructive payload that renders executable (.exe) applications unusable by encrypting them with a random encryption key.

The worm first verifies that an Internet connection is available and, if a connection is established, searches the My Documents folder for all files whose extension matches ".ht*". It then extracts the e-mail addresses from within those files and sends a message claiming to be from Microsoft.

Steven Sundermeier, a product manager at Central Command, said: "This new worm attempts to use social engineering to again trick users into opening its attached file. Casual Internet users are at most risk for Invalid's damaging retaliation."

The worm-embedded e-mail has a false "from" field indicating that it comes from support@microsoft.com. It directs the user to download a patch to prevent buffer overruns in Internet Explorer from invalid SSL certificates.

The bogus e-mail says: "The SSL protocol is used by many companies that require credit card or personal information, so there is a high possibility that you have this certificate installed. To avoid being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge."
