Worm Attack Masquerades As IE7 Download Offer - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Worm Attack Masquerades As IE7 Download Offer

E-mails display an image that invites users to download a beta of a new version of Internet Explorer 7, but instead they are hit with the Grum-A worm.

A security company issued a warning Friday about a widespread attack that's masquerading as an offer from Microsoft to download a version of Internet Explorer 7.

The e-mails, which claim to come from [email protected] and have the subject line "Internet Explorer 7 Downloads," display an image that invites users to download beta 2 of Internet Explorer 7, according to an advisory from Sophos, a security company. Users who make the mistake of clicking on the link in the message, though, instead are infected by the W32/Grum-A worm.

"Worms like this are only succeeding in spreading because so many people have still not learned to be suspicious of unsolicited e-mails, even if they claim to come from well-known companies like Microsoft," said Graham Cluley, senior technology consultant for Sophos, in a written statement. "The problem is that to the casual observer the e-mail looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its Web site to promote Internet Explorer 7.0. Clicking on the image, however, doesn't download the real beta, but malicious code straight from the hackers."

The Grum worm is an appender virus that infects executable files referenced by Run keys in the Windows Registry. When activated, it copies itself to \winlogon.exe and makes changes to the Registry. It also edits the HOSTS file, injecting a thread into system.dll and attempts to patch two system files.

Cluley noted in the advisory that it's an old trick for hackers to mask their attacks as communications from Microsoft. In 2003, the Gibe-F worm, which also was known as Swen, was disguised as a critical Microsoft security update, and in 2005, hackers directed duped users to a bogus and malicious Web site masquerading as a Microsoft update page.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll