here we go again... FYI
Malware disguising itself as IE 7 beta download
That e-mail is lying; whatever you do, don't click the link
March 30, 2007 (IDG News Service) -- If you receive an e-mail offering a
download of Internet Explorer 7 Beta 2, delete it. A new virus is making
the rounds that comes disguised as a test version of Microsoft Corp.'s
current Web browser.
Security experts reported no widespread damage Friday morning, but they
said the virus is notable for a couple of reasons. The e-mail includes a
convincing graphic that looks like it could really be from Microsoft,
and the virus is delivered when recipients click on a link rather than
in an attachment, which makes it harder to stop it from
"The idea of sending a link seems to be a trend among attackers; it's
still fairly new and it works much better than sending a file," said
Mikko Hypponen, chief research officer at F-Secure Corp.
The e-mails carry the subject line "Internet Explorer 7 Downloads" and
appear to come from email@example.com. They include a blue,
Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the
graphic will download an executable file called IE 7.exe.
The file is actually a new virus called Virus.Win32.Grum.A, and security
experts were still analyzing it Friday to see what it does. Sophos PLC
said it can spread by e-mailing itself to contacts in a user's address
book. The virus tampers with registry files to ensure it gets installed,
and it tries to download additional files from the Internet, said Graham
Cluley, a senior technology consultant for Sophos.
Other specifics were not yet known, but such viruses often install a
keystroke logger to steal personal information, and establish a network
of infected computers to launch a denial of service attack, Cluley said.
"We don't know anything yet about where it is coming from," Hypponen
said. "It's fairly well made and hard to analyze with normal tools."
F-Secure had received many reports of the e-mail but few submissions of
the virus itself, indicating that damage so far is limited. Cluley
agreed: "I wouldn't classify this as one of the biggest viruses of the
year, but that doesn't mean it isn't a threat," he said.
Detection of Win32.Grum by antivirus programs was "mediocre" on Thursday
evening, according to Sunbelt Software Inc., and some big vendors were
still not picking it up Friday morning, Hypponen said.
F-Secure and Sophos are blocking the virus and all major vendors are
likely to do so soon, he said. Some e-mail filtering systems were also
not blocking the virus on Friday morning.
The virus is being hosted on several servers around the world, which
will increase the time it takes to identify and clean them all. They
appear to be Web servers that have been hacked, Hypponen said. The SANS
Internet Storm Center asked administrators to check their logs to make
sure they are not hosting the file.
The virus affects only Windows users. "Microsoft is aware of this issue
and is currently investigating this matter, including customer impact,"
a spokeswoman said via e-mail.
The final version of IE 7 was released last October, so Microsoft is
unlikely to be advertising a beta of the product. Users can download a
real version of the software at Microsoft's Internet Explorer home page