here we go again... FYI

Malware disguising itself as IE 7 beta download

That e-mail is lying; whatever you do, don't click the link

March 30, 2007 (IDG News Service) -- If you receive an e-mail offering a
download of Internet Explorer 7 Beta 2, delete it. A new virus is making
the rounds that comes disguised as a test version of Microsoft Corp.'s
current Web browser. 

Security experts reported no widespread damage Friday morning, but they
said the virus is notable for a couple of reasons. The e-mail includes a
convincing graphic that looks like it could really be from Microsoft,
and the virus is delivered when recipients click on a link rather than
in an attachment, which makes it harder to stop it from 

"The idea of sending a link seems to be a trend among attackers; it's
still fairly new and it works much better than sending a file," said
Mikko Hypponen, chief research officer at F-Secure Corp.

The e-mails carry the subject line "Internet Explorer 7 Downloads" and
appear to come from admin@microsoft.com. They include a blue,
Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the
graphic will download an executable file called IE 7.exe.

The file is actually a new virus called Virus.Win32.Grum.A, and security
experts were still analyzing it Friday to see what it does. Sophos PLC
said it can spread by e-mailing itself to contacts in a user's address
book. The virus tampers with registry files to ensure it gets installed,
and it tries to download additional files from the Internet, said Graham
Cluley, a senior technology consultant for Sophos.

Other specifics were unknown yet, but such viruses often install a
keystroke logger to steal personal information, and establish a network
of infected computers to launch a denial of service attack, Cluley said.

"We don't know anything yet about where it is coming from," Hypponen
said. "It's fairly well made and hard to analyze with normal tools."

F-Secure had received many reports of the e-mail but few submissions of
the virus itself, indicating that damage so far is limited. Cluley
agreed: "I wouldn't classify this as one of the biggest viruses of the
year, but that doesn't mean it isn't a threat," he said.

Detection of Win32.Grum by antivirus programs was "mediocre" on Thursday
evening, according to Sunbelt Software Inc., and some big vendors were
still not picking it up Friday morning, Hypponen said.

F-Secure and Sophos are blocking the virus and all major vendors are
likely to do so soon, he said. Some e-mail filtering systems were also
not blocking the virus on Friday morning.

The virus is being hosted on several servers around the world, which
will increase the time it takes to identify and clean them all. They
appear to be Web servers that have been hacked, Hypponen said. The SANS
Internet Storm Center asked administrators to check their logs to make
sure they are not hosting the file.

The virus affects only Windows users. "Microsoft is aware of this issue
and is currently investigating this matter, including customer impact,"
a spokeswoman said via e-mail.

The final version of IE 7 was released last October, so Microsoft is
unlikely to be advertising a beta of the product. Users can download a
real version of the software at Microsoft's Internet Explorer home page
<http://www.microsoft.com/windows/products/winfamily/ie/default.mspx> .
