I-Worm.Invalid
Adresy potencjalnych ofiar pobierane s膮 z plik贸w HTML.
Zainfekowane wiadomo艣ci e-mail wygl膮daj膮 nast臋puj膮co:
- Adres nadawcy:
Microsoft Support [support@microsoft.com]
- Temat:
Invalid SSL Certificate',0Dh,0Ah
- Tre艣膰:
Hello, Microsoft Corporation announced that an invalid SSL certificate that web sites use is required to be installed on the user computer to use the https protocol. During the installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by that allows attackers to get access to your computer. The SSL protocol is used by many companies that require credit card or personal information so, there is a high possibility that you have this certificate installed. To avoid of being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge. Have a nice day, Microsoft Corporation
- Nazwa za艂膮cznika: SSLPATCH.EXE
W przypadku wyst膮pienia b艂臋du oraz po wys艂aniu zainfekowanych wiadomo艣ci robak szyfruje wszystkie pliki EXE zapisane w folderze bie偶膮cym oraz w folderach nadrz臋dnych. Szkodnik wykorzystuje standardowe funkcje szyfruj膮ce dost臋pne w systemie Winodws.
W kodzie szkodnika zapisany jest nast臋puj膮cy tekst:
I-Worm.Invalid, Written By Dr.T/BCVG Network, 2001 The Black Cat Virii Group, 2001