Download IE7 and get Grum-A
Monday, 02 April 2007

Experts at Sophos Labs warned about a widespread malicious attack carried out through an e-mail inviting users to download the beta of Internet Explorer 7.0.

The e-mail, whose subject is "Internet Explorer 7 Downloads", claims to come from [sender address hidden by the site's e-mail obfuscation] and displays an image which invites users to download beta 2 of Internet Explorer 7.

But the message is fake: it contains a file called ie7.0.exe, infected by a virus known as Grum-A, which infects executable files referenced by Run keys in the Windows Registry.

According to Sophos senior technology consultant Graham Cluley, "the problem is that to the casual observer the email looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its website to promote Internet Explorer 7.0."

But the file is far from innocuous: not only does it copy itself to \winlogon.exe to make changes to the Windows Registry, it also edits the Hosts file, injects a thread into system.dll, and attempts to patch the system files ntdll.dll and kernel32.dll, the magazine Computer Weekly reported.
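The behaviours reported above (a copy named winlogon.exe, executables referenced by Run keys, an edited Hosts file) translate into simple triage checks. The following is an added example, not code from the article or from Sophos; the sample `reg query` output, the hosts file, all paths and the list of system process names are constructed assumptions.

```python
import ntpath
import re

# Constructed sample of `reg query ...\CurrentVersion\Run` output (not from the article).
SAMPLE_RUN = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\Windows\SoundMan.exe
    Updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /background
    Shell    REG_SZ    C:\Users\alice\AppData\winlogon.exe
"""

# Constructed sample hosts file.
SAMPLE_HOSTS = """
127.0.0.1 localhost
::1 localhost
203.0.113.7 update.example.com  # redirect
"""

# Assumed install location and an illustrative list of commonly imitated names.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe"}

def run_key_targets(reg_text):
    """Return (value name, executable path) for each REG_SZ/REG_EXPAND_SZ value."""
    targets = []
    for line in reg_text.splitlines():
        m = re.match(r"\s+(.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(.+)$", line)
        if not m:
            continue
        data = m.group(2).strip()
        # Quoted path first, else everything up to the first ".exe".
        q = re.match(r'"([^"]+)"', data) or re.match(r"(.+?\.exe)", data, re.I)
        if q:
            targets.append((m.group(1), q.group(1)))
    return targets

def masquerading(targets):
    """Entries named like a system binary but stored outside System32."""
    return [(n, p) for n, p in targets
            if ntpath.basename(p).lower() in SYSTEM_NAMES
            and ntpath.dirname(p).lower() != SYSTEM_DIR]

def hosts_overrides(hosts_text):
    """Hosts mappings that are not loopback entries, listed for manual review."""
    out = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] not in ("127.0.0.1", "::1"):
            out.extend((fields[0], h) for h in fields[1:])
    return out
```

The paths returned by `run_key_targets` are also the files worth hashing against a known-good baseline, since the article says the virus infects executables referenced by Run keys.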

Microsoft is one of the main targets for malware scams, and all e-mail users are warned to look out for messages with a subject line that reads "Internet Explorer 7 Downloads".

"There have been many occasions when virus writers have coded attacks that have presented themselves as communications from Microsoft. Two years ago hackers directed internet users to a bogus website masquerading as Microsoft's update page," said Cluley.

But in this specific case, there are elements that could make users "smell a rat":

First of all, major companies usually do not ask web surfers to download software upgrades by e-mail. Moreover, the full version of IE7 was released last October and the upgrade is available on Microsoft's official web site, so there is no need for the company to send such e-mails. Yet there are off-guard users who do not care about or do not know such precautions… and they are the perfect prey for malicious attacks.

