IoT
Software // Enterprise Applications
News
3/30/2007
04:40 PM
50%
50%

Worm Attack Masquerades As IE7 Download Offer

E-mails display an image that invites users to download a beta of a new version of Internet Explorer 7, but instead they are hit with the Grum-A worm.

A security company issued a warning Friday about a widespread attack that's masquerading as an offer from Microsoft to download a version of Internet Explorer 7.

The e-mails, which claim to come from admin@microsoft.com and have the subject line "Internet Explorer 7 Downloads," display an image that invites users to download beta 2 of Internet Explorer 7, according to an advisory from Sophos, a security company. Users who make the mistake of clicking on the link in the message, though, instead are infected by the W32/Grum-A worm.

"Worms like this are only succeeding in spreading because so many people have still not learned to be suspicious of unsolicited e-mails, even if they claim to come from well-known companies like Microsoft," said Graham Cluley, senior technology consultant for Sophos, in a written statement. "The problem is that to the casual observer the e-mail looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its Web site to promote Internet Explorer 7.0. Clicking on the image, however, doesn't download the real beta, but malicious code straight from the hackers."

The Grum worm is an appender virus that infects executable files referenced by Run keys in the Windows Registry. When activated, it copies itself to \winlogon.exe and makes changes to the Registry. It also edits the HOSTS file, injecting a thread into system.dll and attempts to patch two system files.

Cluley noted in the advisory that it's an old trick for hackers to mask their attacks as communications from Microsoft. In 2003, the Gibe-F worm, which also was known as Swen, was disguised as a critical Microsoft security update, and in 2005, hackers directed duped users to a bogus and malicious Web site masquerading as a Microsoft update page.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of July 24, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.