Sophos, a world leader in IT security and control, has warned
email users of a widespread malicious attack that poses as an
invitation from Microsoft to download a beta version of Internet
Explorer 7.0.
The emails, which claim to come from admin@microsoft.com and
have the subject line "Internet Explorer 7 Downloads", display an
image which invites users to download beta 2 of Internet Explorer
7. However, users who click on the image will download a file
called ie7.0.exe which is infected by the W32/Grum-A worm.
"Worms like this are only succeeding in spreading because so
many people have still not learnt to be suspicious of unsolicited
emails, even if they claim to come from well-known companies like
Microsoft," said Graham Cluley, senior
technology consultant for Sophos. "The problem is that to the
casual observer the email looks genuine, and the image displayed
looks near-identical to the imagery that Microsoft is using on its
website to promote Internet Explorer 7.0. Clicking on the image,
however, doesn't download the real beta - but malicious code
straight from the hackers."
The Grum worm is an appender virus which infects executable
files referenced by Run keys in the Windows Registry. When run, it
copies itself to <Temp>\winlogon.exe and makes changes to the
Registry. It also edits the HOSTS file, injects a thread into
system.dll and attempts to patch the system files ntdll.dll and
kernel32.dll.
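The behaviour described above suggests two host checks, shown here as an added example (not Sophos code and not part of the original advisory): list the executables that Run keys reference so they can be hash-checked against a known-good baseline, and flag any winlogon.exe found outside System32. The sample values, the function names and the C:\Windows install path are assumptions made for the example.

```python
import ntpath
import re

# Constructed sample data (made-up names and paths, not from the advisory).
SAMPLE_RUN_VALUES = {
    "AVTray": r'"C:\Program Files\ExampleAV\tray.exe" -minimized',
    "Updater": r"C:\Tools\updater.exe /silent",
    "Broken": "rundll32",
}
SAMPLE_SEEN_FILES = [
    r"C:\Windows\System32\winlogon.exe",
    r"C:\Users\alice\AppData\Local\Temp\winlogon.exe",
]
SYSTEM32 = r"c:\windows\system32"  # assumption: Windows is installed in C:\Windows


def exe_from_command(command):
    """Return the executable path from a Run-key command line, or None."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    # Unquoted: take the text up to the first ".exe" that ends a token.
    match = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return match.group(1) if match else None


def is_masquerading_winlogon(path):
    """True for a winlogon.exe located anywhere except System32."""
    norm = ntpath.normpath(path).lower()
    return (ntpath.basename(norm) == "winlogon.exe"
            and ntpath.dirname(norm) != SYSTEM32)


def triage(run_values, seen_files):
    """Return (Run-key executables to hash-check, winlogon.exe look-alikes)."""
    to_verify = []
    for _, command in sorted(run_values.items()):
        exe = exe_from_command(command)
        if exe is not None:
            to_verify.append(exe)
    lookalikes = [p for p in seen_files + to_verify
                  if is_masquerading_winlogon(p)]
    return to_verify, lookalikes


if __name__ == "__main__":
    print(triage(SAMPLE_RUN_VALUES, SAMPLE_SEEN_FILES))
```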
Sophos experts note that this isn't the first time that malware
has posed as a download from Microsoft.
"There have been many occasions when virus writers have coded
attacks that have presented themselves as communications from
Microsoft," continued Cluley. "For instance, in 2003 the Gibe-F
worm (also known as Swen) posed as a
critical security update from the software giant, and two years ago
hackers directed internet users to a bogus
website masquerading as Microsoft's update page."
Sophos customers have been protected against the Grum worm since
00:30 GMT on 30 March 2007.
Sophos recommends companies automatically update their corporate
virus protection, and run a consolidated
solution to defend against viruses, spyware and spam.