Deceptive Grum Worm Poses as IE7 Beta Download
Hackers are attempting to lure users into downloading malware that pretends to be a "beta" edition of IE7.
They are widely circulating spam e-mails that purport to originate from firstname.lastname@example.org, with the subject line "Internet Explorer 7 Downloads". The e-mails display an image that invites unsuspecting users to download the beta 2 version of IE7. But when users click on the apparently legitimate image, they download an executable file called ie7.0.exe that contains a worm dubbed Grum-A. The Register published this on March 30, 2007.
The Grum worm corrupts executable files that Run keys in the Windows Registry refer to. When the file is run, the worm copies itself to <Temp>\Winlogon.exe and makes alterations to the Registry. It makes deletions and changes in the HOSTS file and also tries to patch the system files ntdll.dll and kernel32.dll, as published by Tech.blorge on March 30, 2007.
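A defender can check for the behaviour described above by looking for Run-key values that launch a file named winlogon.exe from anywhere other than System32. The following is an added example, not code from the original article or from any vendor: the sample Run-key values, environment map and function names are constructed for illustration, and it assumes the genuine winlogon.exe lives only in C:\Windows\System32.

```python
import ntpath
import re

# Assumption: the genuine winlogon.exe lives only in this directory.
SYSTEM_DIR = r"c:\windows\system32"
WATCHED_NAME = "winlogon.exe"

def expand_vars(text, env):
    """Expand %VAR% references from a caller-supplied map (case-insensitive)."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), text)

def executable_of(command):
    """Return the executable path from a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: cut after the first ".exe" token.
    match = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    if match:
        return match.group(1)
    return command.split()[0] if command else ""

def suspicious_run_entries(entries, env):
    """Flag Run values whose target is named winlogon.exe outside System32."""
    findings = []
    for value_name, command in entries.items():
        path = ntpath.normpath(expand_vars(executable_of(command), env)).lower()
        directory, name = ntpath.split(path)
        if name == WATCHED_NAME and directory != SYSTEM_DIR:
            findings.append((value_name, path))
    return findings

# Constructed sample data (not taken from a real infection).
SAMPLE_ENV = {"TEMP": r"C:\Documents and Settings\alice\Local Settings\Temp",
              "SYSTEMROOT": r"C:\Windows"}
SAMPLE_RUN_KEY = {
    "ctfmon": r"%SystemRoot%\System32\ctfmon.exe",
    "Updater": r'"C:\Program Files\Vendor\update.exe" /background',
    "ExampleValue": r"%TEMP%\Winlogon.exe",
    "LegitCopy": r"C:\Windows\System32\winlogon.exe",
}

if __name__ == "__main__":
    for value_name, path in suspicious_run_entries(SAMPLE_RUN_KEY, SAMPLE_ENV):
        print(f"suspicious Run value {value_name!r}: {path}")
```

On a live Windows host the entries dictionary would be filled from the Run keys (for instance with Python's winreg module) instead of the constructed sample.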
According to experts, the e-mail has two notable features. First, it displays a graphic that convincingly appears to come from Microsoft. Second, the spam delivers the virus when the recipient clicks on a link in the e-mail rather than through an attachment, which makes it harder to filter.
Sophos' Graham Cluley told Webuser that to a casual observer the e-mail appears genuine, with the graphic looking nearly identical to the image Microsoft is using to promote IE7.0. The statement appeared in Webuser on March 30, 2007.
With the complete version of IE7.0 released in December 2006, many users might want to download the beta version.
The trick of passing off malware as Microsoft software downloads has become all too common. For example, the Gibe-F (a.k.a. Swen) worm that emerged in 2003 posed as a significant security update from Microsoft, which fooled many users. Similarly, in 2005 hackers led Internet users to a rogue website posing as an update site of the software giant, as per the news published in The Register on March 30, 2007.
In this way, several virus writers have designed attacks that presented themselves as messages from Microsoft, Cluley added.
Malware scams choose Microsoft as one of their main targets. E-mail users are therefore warned to be cautious of messages reading "Internet Explorer 7 Downloads".
» SPAMfighter News - 07-04-2007