Sophos has warned email users of a prevalent attack disguised as an invitation from Microsoft to download a beta version of Internet Explorer 7.0. The emails, purporting to have been sent by admin@microsoft.com, are titled “Internet Explorer 7 Downloads” and show an image that encourages users to download beta 2 of Internet Explorer 7. In fact, when a user clicks the image, a malicious file named ie7.0.exe is downloaded, and that file is infected with the Grum-A worm.

The Grum-A worm is an appender virus that infects executable files referenced by Run keys in the Windows Registry. When run, it copies itself to \winlogon.exe and makes changes to the Registry. It also edits the HOSTS file, injects a thread into system.dll, and attempts to patch the system files ntdll.dll and kernel32.dll.
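For triage on a suspect machine, the two artifacts named above (executables referenced by Run keys, and the HOSTS file) can be checked offline. The following is an added example, not code from Sophos or from the original article; the sample `reg query` output, the HOSTS content and the function names are constructed for illustration, and because the article does not say what Grum-A writes to HOSTS, every non-default entry is simply reported for review.

```python
import re

# Constructed sample: output of `reg query` on a Run key (not from the article).
SAMPLE_RUN = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\Example App\updater.exe" /background
    Helper    REG_SZ    C:\Tools\helper.exe -q
    Tray    REG_EXPAND_SZ    %windir%\system32\tray.exe
'''

# Constructed sample HOSTS file content.
SAMPLE_HOSTS = """
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example.com   # constructed entry
10.0.0.5 intranet.example.com portal.example.com
"""

VALUE_RE = re.compile(r'^\s+(\S.*?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$')
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.exe))', re.IGNORECASE)

def run_key_executables(reg_output):
    """Return the executable path of every value in `reg query` Run-key output."""
    paths = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        exe = EXE_RE.match(m.group(2).strip()) if m else None
        if exe:
            # Quoted paths land in group 1, unquoted ones (cut at ".exe") in group 2.
            paths.append(exe.group(1) or exe.group(2))
    return paths

def non_default_hosts_entries(hosts_text):
    """Return (address, name) pairs other than the stock localhost mappings."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split('#', 1)[0].split()  # drop comments, then tokenize
        for name in fields[1:]:
            if name.lower() != 'localhost':
                found.append((fields[0], name))
    return found

def changed_since_baseline(baseline, current):
    """Paths whose SHA-256 differs from, or is absent in, a known-good baseline.
    An appender virus adds its code to the host file, so the hash changes."""
    return sorted(p for p, h in current.items() if baseline.get(p) != h)
```

Feed the paths from `run_key_executables` to a hashing step and pass the resulting path-to-SHA-256 mapping, with one recorded from a clean system, to `changed_since_baseline`.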

Experts at Sophos say that this isn’t the first time malware has masqueraded as a download from Microsoft. They maintain that many times before, virus writers have coded attacks posing as communications from Microsoft. For example, in 2003 the Gibe-F worm, also called Swen, posed as a dangerous security update from the Redmond-based software giant, and two years ago hackers directed web users to a fake website disguised as Microsoft’s update page.
