
Spam poses as Internet Explorer 7 download

By Bill Brenner, Senior News Writer
30 Mar 2007 | SearchSecurity.com

Spammers are trying to trick users into opening a fake invitation to download Internet Explorer 7, which will instead infect the victim's machine with malware.

That warning comes from UK-based antivirus firm Sophos and Clearwater, Fla.-based security vendor Sunbelt Software. The malicious spam comes in the form of an email from "admin@microsoft.com" with the subject line "Internet Explorer 7 Downloads."

The email displays an image that invites users to download beta 2 of the browser. But those who click the image will instead download a file called ie7.0.exe, which is infected by malware Sophos calls W32.Grum-A.
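A mail-triage sketch for the lure described above, added here as an illustration and not taken from Sophos or Sunbelt: it flags HTML messages in which a clickable image links to an executable, or to a host outside the domain the sender claims. The sample message is constructed; the host `downloads.example.invalid` and the extension list are assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
# Constructed sample: sender, subject and file name are the ones the article
# reports; the host is a placeholder, not an indicator from the campaign.
SAMPLE = """\
From: admin@microsoft.com
Subject: Internet Explorer 7 Downloads
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://downloads.example.invalid/ie7.0.exe">
<img src="http://downloads.example.invalid/ie7.gif"></a></body></html>
"""

class ImageLinkParser(HTMLParser):
    """Collect the href of every <a> element that wraps an <img>."""
    def __init__(self):
        super().__init__()
        self._href = None       # href of the currently open <a>, if any
        self.image_links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
        elif tag == "img" and self._href:
            self.image_links.append(self._href)
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def triage(raw_message):
    """Return the reasons a message resembles the lure (empty list: no hit)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].domain.lower() if addrs else ""
    body = msg.get_body(preferencelist=("html",))
    parser = ImageLinkParser()
    parser.feed(body.get_content() if body is not None else "")
    reasons = []
    for href in parser.image_links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if url.path.lower().endswith(EXEC_EXT):
            reasons.append("image links to an executable: " + href)
        if sender and host and host != sender and not host.endswith("." + sender):
            reasons.append("link host %s is outside sender domain %s" % (host, sender))
    return reasons
```

The host-mismatch rule is a triage heuristic: legitimate mail that links through third-party hosts will also trip it, so treat a hit as a reason to look closer rather than a verdict.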

Grum infects executable files referenced by run keys in the Windows registry, Sophos said. When run, it copies itself to winlogon.exe and makes changes to the registry. It also edits the hosts file, injects a thread into system.dll, and attempts to patch the system files ntdll.dll and kernel32.dll.

Sophos Senior Technology Consultant Graham Cluley said attackers continue to use such tricks successfully because many users still haven't learned to be suspicious of unsolicited emails.

"The problem is that to the casual observer the email looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its Website to promote Internet Explorer 7," he said on the Sophos Website. "Clicking on the image, however, doesn't download the real beta -- but malicious code straight from the hackers."

Sunbelt President Alex Eckelberry also warned about it in his blog. The entry offers a deeper analysis of the malware.

This is the latest in a series of threats to plague Windows users in recent weeks.

Thursday, Microsoft acknowledged that attackers are using a new, unpatched flaw in Internet Explorer to compromise machines running a number of versions of Windows, including Vista.

Craig Schmugar of McAfee Inc.'s Avert Labs said in a blog posting that the lab has received a sample of one piece of malware that targets that flaw.

"Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack," he said. "Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently."

Last week, Microsoft also acknowledged it's investigating reports of another flaw in Vista. That flaw reportedly affects Windows Mail on all versions of Vista. Cupertino, Calif.-based antivirus giant Symantec Corp. said attackers could potentially exploit a design flaw to delete files or shut down the victim's computer.

And two weeks ago, Israeli vulnerability researcher Aviv Raff warned of a flaw in Internet Explorer 7 that could be used to launch phishing expeditions.
