IE7 beta is the bait for Grum malware 12:44PM, Tuesday 3rd April 2007
Despite the full version of IE7 being released last October, hackers are trying to deceive users to download malware posing as a beta version of Microsoft's Internet Explorer 7.
Emails delivered to unsuspecting users pretend to come from firstname.lastname@example.org
with a subject line such as 'Internet Explorer 7 Downloads'. On the email is an image of the IE7 icon, clicking on the image downloads a file called ie7.0.exe which contains the Grum worm.
This is appender malware, which infects executable files referenced by the Windows registry. When the worm starts, it copies itself to winlogon.exe and then changes registry keys. It also adds entries to the OS's hosts file, injects a thread into the system.dll file and alters the ntdll.dll and kernel32.dll.
According to Graham Cluley, senior technology consultant at anti-virus firm Sophos, posing as a download from Microsoft is a common trick up the hacker's sleeve.
'There have been many occasions when virus writers have coded attacks that have presented themselves as communications from Microsoft,' he said. 'In 2003 the Gibe-F worm posed as a critical security update from the software giant, and two years ago hackers directed Internet users to a bogus website masquerading as Microsoft's update page.'