Malware disguising itself as IE 7 beta download
That e-mail is lying; whatever you do, don't click the link
IDG News Service - If you receive an e-mail offering a download of Internet Explorer 7 Beta 2, delete it. A new virus is making the rounds that comes disguised as a test version of Microsoft Corp.'s current Web browser.
Security experts reported no widespread damage Friday morning, but they said the virus is notable for a couple of reasons. The e-mail includes a convincing graphic that looks like it could really be from Microsoft, and the virus is delivered when recipients click on a link rather than in an attachment, which makes it harder to stop it from reaching in-boxes.
"The idea of sending a link seems to be a trend among attackers; it's still fairly new and it works much better than sending a file," said Mikko Hypponen, chief research officer at F-Secure Corp.
The e-mails carry the subject line "Internet Explorer 7 Downloads" and appear to come from firstname.lastname@example.org. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe.
The file is actually a new virus called Virus.Win32.Grum.A, and security experts were still analyzing it Friday to see what it does. Sophos PLC said it can spread by e-mailing itself to contacts in a user's address book. The virus tampers with registry files to ensure it gets installed, and it tries to download additional files from the Internet, said Graham Cluley, a senior technology consultant for Sophos.
Other specifics were unknown yet, but such viruses often install a keystroke logger to steal personal information, and establish a network of infected computers to launch a denial of service attack, Cluley said.
"We don't know anything yet about where it is coming from," Hypponen said. "It's fairly well made and hard to analyze with normal tools."
F-Secure had received many reports of the e-mail but few submissions of the virus itself, indicating that damage so far is limited. Cluely agreed: "I wouldn't classify this as one of the biggest viruses of the year, but that doesn't mean it isn't a threat" he said.
Detection of Win32.Grum by antivirus programs was "mediocre" on Thursday evening, according to Sunbelt Software Inc., and some big vendors were still not picking it up Friday morning, Hypponen said.
F-Secure and Sophos are blocking the virus and all major vendors are likely to do so soon, he said. Some e-mail filtering systems were also not blocking the virus on Friday morning.
The virus is being hosted on several servers around the world, which will increase the time it takes to identify and clean them all. They appear to be Web servers that have been hacked, Hypponen said. The SANS Internet Storm Center asked administrators to check their logs to make sure they are not hosting the file.
The virus affects only Windows users. "Microsoft is aware of this issue and is currently investigating this matter, including customer impact," a spokeswoman said via e-mail.
The final version of IE 7 was released last October, so Microsoft is unlikely to be advertising a beta of the product. Users can download a real version of the software at Microsoft's Internet Explorer home page.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts