New virus targets, encrypts .exe files

Antivirus vendor Central Command Inc. has detected a new worm that, disguised as a warning from Microsoft Corp., mass-mails itself to users and once launched from an attachment, encrypts executable files, rendering them unusable.

The Medina, Ohio-based security company rates the virus as a medium risk and said that so far, there has been only one report of an infection. The worm, Win32.Invalid.A@mm, can infect computers running Windows 9x, NT and 2000.

Even so, Ryan Russell, an analyst at business security firm SecurityFocus.com Inc. in San Mateo, Calif., said the virus does pose a threat. "I think it's just early in the cycle," he said.

According to the announcement from Central Command, "The new worm named Win32.Invalid.A@mm carries a destructive payload that can render executable (.exe) applications unusable by encrypting them with a random encryption key."

The worm-embedded e-mail has a false From field indicating that it's from support@microsoft.com. It directs the user to download a patch to prevent buffer overruns in Internet Explorer from invalid Secure Sockets Layer (SSL) certificates.

"The SSL protocol is used by many companies that require credit card or personal information, so there is a high possibility that you have this certificate installed," the bogus e-mail says. "To avoid being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge."

Join the newsletter!

Error: Please check your email address.

More about MicrosoftSecurityFocus

Show Comments

Market Place