Breaking News | Forum | UK News | USA News | World News | Political News | Sci-Tech News | War & Terrorism News | Sports News | Multimedia | Set Homepage

Translate:

Saturday, March 31st, 2007

Security researchers have warned of a new virus disguised as a download of Internet Explorer 7 Beta 2.
They said the virus was unusual for a couple of reasons: the email includes a convincing graphic that looks like it could really be from Microsoft, and the virus is delivered when recipients click on a link rather than in an attachment, which makes it harder to stop it from reaching in-boxes.

“The idea of sending a link seems to be a trend among attackers; it’s still fairly new and it works much better than sending a file,” said Mikko Hypponen, chief research officer at F-Secure.

The e-mails carry the subject line “Internet Explorer 7 Downloads” and appear to come from admin@microsoft.com. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe.

The file is actually a new virus called Virus.Win32.Grum.A, and security experts are still analysing it to see what it does. Sophos said it can spread by e-mailing itself to contacts in a user’s address book. The virus tampers with registry files to ensure it gets installed, and it tries to download additional files from the Internet, said Graham Cluley, a senior technology consultant for Sophos.

Other specifics were unknown yet, but such viruses often install a keystroke logger to steal personal information, and establish a network of infected computers to launch a denial of service attack, Cluley said.

“We don’t know anything yet about where it is coming from,” Hypponen said. “It’s fairly well made and hard to analyse with normal tools.”

F-Secure had received many reports of the e-mail but few submissions of the virus itself, indicating that damage so far is limited. Cluely agreed: “I wouldn’t classify this as one of the biggest viruses of the year, but that doesn’t mean it isn’t a threat” he said.

Detection of Win32.Grum by anti-virus programs was “mediocre” by last evening, according to Sunbelt Software, and some big vendors were still not picking it up Friday morning, Hypponen said.

F-Secure and Sophos are blocking the virus and all major vendors are likely to do so soon, he said. Some email filtering systems were also not blocking the virus by this golmorning.

The virus is being hosted on several servers around the world, which will increase the time it takes to identify and clean them all. They appear to be web servers that have been hacked, Hypponen said. The SANS Internet Storm Center asked administrators to check their logs to make sure they are not hosting the file.

The virus affects only Windows users. “Microsoft is aware of this issue and is currently investigating this matter, including customer impact,” a spokeswoman said.

The final version of IE 7 was released last October, so Microsoft is unlikely to be advertising a beta of the product. Users can download a real version of the software at Microsoft’s Internet Explorer home page.

Source

Have Your Say: Users offered virus disguised as IE7
Please read our posting guidelines before posting.
Alternatively you can discuss this report here.

RSS TrackBack URL

Name (required)

Mail (will not be published) (required)

Website

Related News

• NSA releases new version of Linux software
• Censorship ‘changes face of net’
• Mobile Spy ups mobile snooping powers
• Did BT spy on 36,000 customers?
• NSA Had Access Built into Microsoft Windows

This entry was posted on Saturday, March 31st, 2007 at 2:01 am and is filed under Science & Technology News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Loading ...

ADVERTISEMENTS

SITE MAPS

7/7 Afghanistan Alternative-Energy Art BBC Big-Brother Bilderberg Biometrics Bush Censorship CIA Climate-Change Cover-Up Cults Culture Database-State David-Hicks David-Ray-Griffin Debt Democrats Demos Drugs Education Entertainment Environmental News EU False-Flag FBI Fraud Free-Speech Freemasons G8 Globalization Guantanamo Health-News History ID-Cards Internet Iran Iraq Israel John McCain Law Marches Media News MI5 MI6 Microsoft Military MoD Money Music NASA Neocons New World Order NSA Oil Pakistan Podcast Police-State Propaganda RFID RINF Rumsfeld Science Science & Technology News Secrecy Security Slavery Space Sports Spy Spying Stephen-Lendman Technology Terrorism Tony-Blair Torture TV UK-News UN USA- USA-News Video Voting war War & Terrorism News Warfare White-House Wolfowitz World-News Yahoo
2003 - 2005 Archives | 2005 - 2007 Archives | 2007 - 2008 Archives | Current Archives | Past Version