Win32.Invalid.A@mm

来源：QQread收集作者：出处：巧巧读书 2006-03-01 进入讨论组

病毒分类

特洛伊木马

病毒名称

Win32.Invalid.A@mm 　

别名

I-Worm.Invalid; W32.https.worm 　

病毒长度

12288字节

危害程度

一般

传播途径

邮件及网络　

传播程度

少

感染

文件　

病毒发作

Win32.Invalid.A@mm是一个通过E-MAIL传播的网络蠕虫。

邮件的格式如下：
发件人: "Microsoft Support" support@microsoft.com
主题: Invalid SSL Certificate
消息:

Hello,
Microsoft Corporation announced that an invalid SSL certificate that web sites use is required to be installed on the user computer to use the https protocol. During the installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by that allows attackers to get access to your computer. The SSL protocol is used by many companies that require credit card or personal information so, there is a high possibility that you have this certificate installed.
To avoid of being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge.

Have a nice day,
Microsoft Corporation

附件: sslpatch.exe

当附件被执行，病毒检查当前的internet连接，如果目前没有internet连接，病毒的有效载荷将被执行。
如果找到的internet连接，病毒将搜索my Documents目录中*.ht*文件，在找到的每个文件中，病毒将搜索mailto:后面的字符串，并把这些字符串作为外发邮件的地址。

如果这个过程中发生任何错误，都将激活有效载荷。

当有效载荷被激活后，病毒搜索当前目录和上级目录中的所有exe文件，使用随机产生的键值对文件进行加密，使得这些文件不在可用。

备注