User Control Panel
Search iVirtua
Advanced/Tag Search...
Search Users...
What is iVirtua Exclusive Community?
  • An exclusive gaming industry community targeted to, and designed for Professionals, Businesses and Students in the sectors and industries of Gaming, New Media and the Web, all closely related with it's Business and Industry.
  • A Rich content driven service including articles, contributed discussion, news, reviews, networking, downloads, and debate.
  • We strive to cater for cultural influencers, technology decision makers, early adopters and business leaders in the gaming industry.
  • A medium to share your or contribute your ideas, experiences, questions and point of view or network with other colleagues here at iVirtua Community.
Guest's Communication
Live Chat
Teamspeak (VOIP) Audio Conference
Private Messages
Check your Private Messages
Themes
Choose an iVirtua Community theme to reflect your interests...
Business Theme
India/Arabic Theme

Gaming Theme
iVirtua Recommends
Fly Emirates Advertising
Microsoft fake IE7 download virus spreds fast bypass filters
Digg This Digg Topic Tag it on del.icio.us Tag topic on On del.icio.us Technorati Search Technorati Search Post to Slashdot Post to Slashdot
You are currently in Software
Post new topic Reply to topic
Fri Mar 30, 2007 7:14 pm Reply and quote this post
If you receive an e-mail offering a download of Internet Explorer 7 Beta 2, delete it. A new virus is making the rounds that comes disguised as a test version of Microsoft Corp. current Web browser.

Security experts reported no widespread damage Friday morning, but they said the virus is notable for a couple of reasons. The e-mail includes a convincing graphic that looks like it could really be from Microsoft, and the virus is delivered when recipients click on a link rather than in an attachment, which makes it harder to stop it from reaching in-boxes.

Quote:
"The idea of sending a link seems to be a trend among attackers; it's still fairly new and it works much better than sending a file,"
said Mikko Hypponen, chief research officer at F-Secure Corp.

The e-mails carry the subject line "Internet Explorer 7 Downloads" and appear to come from admin@microsoft.com. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe.

Here is a screen shot of what I got in my inbox:



The file is actually a new virus called Virus.Win32.Grum.A, and security experts were still analyzing it Friday to see what it does. Sophos PLC said it can spread by e-mailing itself to contacts in a user's address book. The virus tampers with registry files to ensure it gets installed, and it tries to download additional files from the Internet, said Graham Cluley, a senior technology consultant for Sophos.

Other specifics were unknown yet, but such viruses often install a keystroke logger to steal personal information, and establish a network of infected computers to launch a denial of service attack, Cluley said.
Quote:

"We don't know anything yet about where it is coming from,"
Hypponen said. "It's fairly well made and hard to analyze with normal tools."

F-Secure had received many reports of the e-mail but few submissions of the virus itself, indicating that damage so far is limited. Cluely agreed: "I wouldn't classify this as one of the biggest viruses of the year, but that doesn't mean it isn't a threat" he said.

Detection of Win32.Grum by antivirus programs was "mediocre" on Thursday evening, according to Sunbelt Software Inc., and some big vendors were still not picking it up Friday morning, Hypponen said.

F-Secure and Sophos are blocking the virus and all major vendors are likely to do so soon, he said. Some e-mail filtering systems were also not blocking the virus on Friday morning.  It bypassed the junk filters posting to be from Microsoft, despite many TechNet and BetaCentral Microsoft newsletters, and even Office 2007 beta test official notices going straight to junk mail!

Quote:
The virus is being hosted on several servers around the world, which will increase the time it takes to identify and clean them all. They appear to be Web servers that have been hacked

Hypponen said. The SANS Internet Storm Center asked administrators to check their logs to make sure they are not hosting the file.

The virus affects only Windows users.
Quote:
Microsoft is aware of this issue and is currently investigating this matter, including customer impact

A spokeswoman said via e-mail.

Contributed by Editorial Team, Executive Management Team
372659 iVirtua Loyalty Points • View ProfileSend Private MessageBack to Top

Related Articles
Post new topic   Reply to topic


Page 1 of 1

iVirtua Latest
Latest Discussion

Discuss...
Latest Articles and Reviews

Latest Downloads
Subscribe to the iVirtua Community RSS Feed
Use RSS and get automatically notified of new content and contributions on the iVirtua Community.


Tag Cloud
access amd announced applications author based beta building business card case company content cool core course cpu create data deal dec demo design desktop developers development digital download drive email feature features file files firefox flash free future gaming google graphics hardware help industry information intel internet iphone ipod jan launch linux lol love mac market media memory million mobile money movie music net nintendo nov nvidia oct office official online patch performance playing power price product program ps3 pst publish ram release released report rss sales screen search security sep server show size software sony source speed support technology thu tue update video vista war web website wii windows work working works xbox 360 2006 2007 2008

© 2006 - 2008 iVirtua Community (UK), Part of iVirtua Media Group, London (UK). Tel: 020 8144 7222

Terms of Service and Community RulesAdvertise or Affiliate with iVirtuaRSSPress Information and Media CoverageiVirtua Version 4PrivacyContact