TechTarget

E-mail worm poses as Microsoft invitation

E-mail users are being warned of a widespread malicious attack that poses as an invitation from Microsoft to download a beta version of Internet Explorer 7.0.


The emails, which claim to come from admin@microsoft.com and have the subject line "Internet Explorer 7 Downloads", display an image which invites users to download beta 2 of Internet Explorer 7. 

However, users who click on the image will download a file called ie7.0.exe which is infected by the Grum-A worm. Users who download the worm risk losing data and leaving their machines open to hackers.
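The lure described above (a claimed microsoft.com sender, an image that is really a link, and a target ending in .exe) is the kind of thing a mail gateway can flag before a user ever sees the image. The following is an added example written for this page, not code from TechTarget or Sophos: a small Python 3 standard-library triage routine run over two constructed messages. The sample addresses, the example.invalid host and the list of executable suffixes beyond .exe are assumptions made for the example.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions that should never be the target of a "download" link in unsolicited
# mail. Only .exe appears on the page; the others are added as an assumption.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


class _LinkExtractor(HTMLParser):
    """Collect every <a href> in an HTML body and note whether it wraps an <img>."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._open = {"href": attrs.get("href") or "", "image": False}
            self.links.append(self._open)
        elif tag == "img" and self._open is not None:
            self._open["image"] = True  # the link is hidden behind a picture

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None


def extract_links(html):
    parser = _LinkExtractor()
    parser.feed(html)
    return parser.links


def sender_domain(from_header):
    """Return the domain of the address in a From header, lower-cased."""
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return match.group(1).lower() if match else ""


def triage_message(raw_message):
    """Return a list of findings for one RFC 822 message; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    claimed = sender_domain(msg.get("From", ""))
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        for link in extract_links(html):
            href = link["href"]
            url = urlparse(href)
            if url.path.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append(f"link to executable download: {href}")
                if link["image"]:
                    findings.append(f"executable link hidden behind an image: {href}")
            host = (url.hostname or "").lower()
            # Heuristic only: legitimate mail often links to other domains too.
            if claimed and host and not (host == claimed or host.endswith("." + claimed)):
                findings.append(f"link host {host} does not match claimed sender domain {claimed}")
    return findings


# Constructed sample messages (not real captured mail).
SAMPLE_LURE = """\
From: admin@microsoft.com
To: user@example.org
Subject: Internet Explorer 7 Downloads
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://download.example.invalid/ie7.0.exe"><img src="cid:banner" alt="Download IE7 Beta 2"></a>
</body></html>
"""

SAMPLE_BENIGN = """\
From: admin@microsoft.com
To: user@example.org
Subject: Internet Explorer 7 Downloads
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.microsoft.com/ie7/">Read about the beta</a></body></html>
"""

if __name__ == "__main__":
    for finding in triage_message(SAMPLE_LURE):
        print("FLAG:", finding)
    print("benign findings:", triage_message(SAMPLE_BENIGN))
```

The domain-mismatch check is deliberately the weakest signal and is reported separately, so a gateway policy can quarantine on the executable-link findings alone and merely score the mismatch.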

"Worms like this are only succeeding in spreading because so many people have still not learned to be suspicious of unsolicited emails, even if they claim to come from well-known companies like Microsoft," said Graham Cluley, senior technology consultant at internet security software firm Sophos.

He said, "The problem is that to the casual observer the e-mail looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its website to promote Internet Explorer 7.0."

Clicking on the image, however, doesn't download the real beta but malicious code straight from the hackers.

The Grum worm is an appender virus which infects executable files referenced by Run keys in the Windows Registry.

When run, it copies itself to \winlogon.exe and makes changes to the Registry. It also edits the Hosts file, injects a thread into system.dll, and attempts to patch the system files ntdll.dll and kernel32.dll.
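The three host-side indicators in the paragraph above (a Run-key entry pointing at a winlogon.exe outside the system directory, unexpected Hosts-file mappings, and modified ntdll.dll or kernel32.dll) can each be checked against a baseline. The following is an added example for this page, not Sophos's or TechTarget's code: Python 3 standard-library functions run over constructed Run-key entries, a constructed Hosts file and a constructed stand-in for a system DLL. The value name "winlogon", the vendor path, the updates.example.test host, the C:\Windows install root and the DLL bytes are all assumptions; on a real machine the inputs would come from a registry export, %SystemRoot%\System32\drivers\etc\hosts and the files on disk, with the baseline hash taken from a known-clean install.

```python
import hashlib
import ntpath

# Binary names the worm borrows; winlogon.exe is the one named on the page.
PROTECTED_NAMES = {"winlogon.exe"}
# Directories where those names legitimately live (assumed C:\Windows install root).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
# Stock Hosts-file mappings that need no attention.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def image_path(command):
    """Extract the executable path from a Run-key command line.

    Handles "C:\\path with spaces\\x.exe" args and C:\\x.exe args; an unquoted
    path that itself contains spaces is a known limitation of this splitter.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def audit_run_entries(entries):
    """Return (value_name, path) for entries whose image is a protected binary
    name located outside the Windows system directories."""
    flagged = []
    for name, command in entries:
        path = image_path(command)
        base = ntpath.basename(path).lower()
        directory = ntpath.dirname(path).lower().rstrip("\\")
        if base in PROTECTED_NAMES and directory not in SYSTEM_DIRS:
            flagged.append((name, path))
    return flagged


def audit_hosts(text):
    """Return every (ip, hostname) mapping that is not a stock loopback entry."""
    unexpected = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for host in names:
            if (ip, host.lower()) not in DEFAULT_HOSTS:
                unexpected.append((ip, host.lower()))
    return unexpected


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def check_integrity(data, baseline_sha256):
    """True when the on-disk bytes still match the known-good hash."""
    return sha256_hex(data) == baseline_sha256


# Constructed inputs (not taken from any real machine).
RUN_ENTRIES = [
    ("Updater", r'"C:\Program Files\Example Vendor\updater.exe" /quiet'),
    ("winlogon", r"C:\winlogon.exe"),
]
HOSTS_TEXT = """\
# Constructed hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       updates.example.test   # not a default entry
"""
GOOD_NTDLL = b"MZ\x90\x00 constructed stand-in for a known-good ntdll.dll"
BASELINE_SHA256 = sha256_hex(GOOD_NTDLL)          # would come from a clean install
PATCHED_NTDLL = GOOD_NTDLL[:8] + b"\xcc" + GOOD_NTDLL[9:]  # one byte altered

if __name__ == "__main__":
    print("suspicious Run entries:", audit_run_entries(RUN_ENTRIES))
    print("unexpected hosts mappings:", audit_hosts(HOSTS_TEXT))
    print("ntdll.dll intact:", check_integrity(PATCHED_NTDLL, BASELINE_SHA256))
```

The integrity check only works when the baseline hash is recorded before infection, which is why it belongs in a build or imaging pipeline rather than in an after-the-fact scan; the Run-key and Hosts checks need no baseline and can be run on any host as a first triage step.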
