反病毒软件供应商美国Central Command于美国当地时间8月份31日，发出了有关蠕虫“Win32.Invalid.A@mm”的警告。该蠕虫能伪装成美国微软的技术支持部门发送电子邮件。微软把该蠕虫的危险度定为“中”。

　　Win32.Invalid.A@mm使用随机键将用户保存在电脑中的执行文件进行加密，导致其无法使用。当连接因特网以后，该蠕虫将搜索所有位于My Document文件夹中的“ht*”文件

，在从这些文件中筛选出电子邮件地址以后发送以下内容的电子邮件。

　　如下所示，由于该蠕虫“伪装成微软公司的技术支持，因此用户容易上当，轻易地打开附件”(Central Command公司)。截止本文发表时，微软接到的有关受害报告为一件。

　　电子邮件的详细内容如下∶

　　发件人："Microsoft Support" support@microsoft.com主题名：Invalid SSL Certificate附件：sslpatch.exe本文：Hello, Microsoft Corporation announced that an invalid SSL certificate that web sites use is required to be installed on the user computer to use the https protocol. During the installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by that allows attackers to get access to your computer. The SSL protocol is used by many companies that require credit card or personal information so, there is a high possibility that you have this certificate installed. To avoid of being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge.

　　Have a nice day, Microsoft Corporation

　　Attachment: sslpatch.exe

　　新浪天堂隆重发布，百万玩家迎接公开测试