Bogus IE 7 Installs Trojan
The malicious website draws its traffic from a spoofed e-mail message that claims to come from firstname.lastname@example.org and carries a link to download 'Release Candidate 1' (RC 1) of Microsoft IE 7.
Clicking the link opens a maliciously designed website that imitates a legitimate page of Microsoft's own website. The site then tries to take advantage of a flaw present in earlier versions of IE to download the Trojan Win32.Small.cxz automatically. The Trojan installs a backdoor to facilitate communication over the Net and reports to a distant server.
Explaining a 'Trojan Downloader', security firm Sunbelt says on its website that it is a program that typically installs itself via an exploit or some other fraudulent means, and that it enables the download or installation of other undesirable software onto the user's PC. A 'Trojan Downloader' is capable of downloading adware, spyware or other malware from several servers or sources on the Net.
The website further says that 'high risk threats' are loaded onto systems without user interaction via security exploits, which can severely diminish system security. Such threats are liable to open illegal network connections, use 'polymorphic tactics' to self-replicate, disable security software, change system files, and install more malware. These threats could also collect and transfer 'personally identifiable information' (PII) without the knowledge of the user and seriously degrade the performance and stability of the user's PC.
Another security firm, SurfControl, which is trying to track the malicious 'Trojan Downloader', explained it in a similar way. It says the 'Trojan Downloader' launches a look-alike of the legitimate Microsoft site that installs a Trojan through an IE browser exploit, creating a backdoor on the infected system that reports to a remote server.
» SPAMfighter News - 23-10-2006