Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft

Microsoft

Sophos: What You Get When You Download Internet Explorer 7

Update

By Marius Oiaga, Technology News Editor

30th of March 2007, 15:25 GMT

Adjust text size:



Enlarge picture
Security company Sophos describes in detail what users will get when they download an install Internet Explorer 7. However, Sophos did not focus on the final version of Internet Explorer 7 as delivered
by Microsoft via its official download web page or through Automatic Updates. Instead, Sophos has analyzed Internet Explorer 7 Beta 2, the version that is aggressively promoted through a spam campaign.

"The emails, which claim to come from admin@microsoft.com and have the subject line "Internet Explorer 7 Downloads", display an image which invites users to download beta 2 of Internet Explorer 7. However, users who click on the image will download a file called ie7.0.exe which is infected by the W32/Grum-A worm," revealed Sophos.

According to Sophos, this is not the first time that malware poses as a download from Microsoft. This is no more than a social engineering method designed to provide enough incentive for unsuspecting users to download the Grum worm.

"Worms like this are only succeeding in spreading because so many people have still not learnt to be suspicious of unsolicited emails, even if they claim to come from well-known companies like Microsoft," said Graham Cluley, senior technology consultant for Sophos. "The problem is that to the casual observer the email looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its website to promote Internet Explorer 7.0. Clicking on the image, however, doesn't download the real beta - but malicious code straight from the hackers."

Grum
Enlarge picture
The Grum worm is an appender virus for the Windows platform. If executed, Grum will copy itself to winlogon.exe and infect files that are referenced by Run keys. The worm also modifies the registry, edits the HOSTS file, injects a thread into system.dll and patches ntdll.dll and kernel32.dll system files.

"There have been many occasions when virus writers have coded attacks that have presented themselves as communications from Microsoft," continued Cluley. "For instance, in 2003 the Gibe-F worm (also known as Swen) posed as a critical security update from the software giant, and two years ago hackers directed Internet users to a bogus website masquerading as Microsoft's update page."

TAGS:

 Internet Explorer 7 | Grum | spam


Rating:
Good (3.8/5) 9 vote(s) so far    

Read by 2,899 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Firefox Takes Another Bite Out of Internet Explorer

Internet Explorer 8.0 Is Cooking Since Early January 2006

Mozilla Firefox 3.0 Drops This Spring

Freshly Dug Cross-Site Scripting Hole in Internet Explorer 7

IE7, Firefox, Opera - The Browser War Is On! Vote Now!

Firefox 2.0 and IE7 Are Equally Matched in Security

Download Free Windows XP Service Pack 2

Discover the Benefits of Deploying Internet Explorer 7

Internet Explorer Security Will Ultimately Fail Miserably

Download Internet Explorer 7 Beta 2 Now!

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive