More disheartening Windows security news: a new virus has been
released into the wild and is showing up in inboxes disguised as an
IE7 update. While safe mail habits will protect anyone from getting
their machine compromised, the threat is still there. Rather than
showing up as an attachment, it is an embedded link in a Microsoft-ish
image. The true nature of the virus has not yet been fully explained:

The file is actually a new virus called Virus.Win32.Grum.A, and
security experts were still analyzing it Friday to see what it does.
Sophos PLC said it can spread by e-mailing itself to contacts in a
user's address book. The virus tampers with registry files to ensure
it gets installed, and it tries to download additional files from the
Internet, said Graham Cluley, a senior technology consultant for
Sophos.

As late as this morning, there are still some A/V suites that do not
pick up on this virus, so be cautious if you rely on them to do all
your patrolling for you. The actual servers hosting the infected file
are spread out around the world, making it trickier to track the
server owners down and get them to clean up their machines.
Non-Windows machines are not affected.
More news to follow...
Shawn

Fake Internet Explorer 7 Installer Phishing Attacks
added March 30, 2007
US-CERT is aware of reports of malware using social engineering to
propagate. Spam appearing to come from "ad...@microsoft.com" contains
a link to a malicious file that claims to be an installer for Internet
Explorer 7. Typically the file is named "IE7.0.exe" and if executed
installs a rootkit on the target machine.
US-CERT encourages users to take the following preventative measures
to help mitigate this risk:
- Do not follow unsolicited links in email messages.
- Install anti-virus software, and keep its virus signature files up-to-date.
- Review the Reducing Spam Cyber Security Tip.
- Review the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip.
US-CERT will continue to investigate and provide additional
information as it becomes available.
Shawn