Network World

New virus comes disguised as IE 7 download

By James Niccolai, IDG News Service, 03/30/2007

If you receive an e-mail offering a download of Internet Explorer 7 Beta 2, delete it. A new virus is making the rounds that comes disguised as a test version of Microsoft's current Web browser.

Security experts reported no widespread damage Friday morning, but they said the virus is notable for a couple of reasons. The e-mail includes a convincing graphic that looks like it could really be from Microsoft, and the virus is delivered when recipients click on a link rather than in an attachment, which makes it harder to stop it from reaching in-boxes.

"The idea of sending a link seems to be a trend among attackers; it's still fairly new and it works much better than sending a file," said Mikko Hypponen, chief research officer at F-Secure.

The e-mails carry the subject line "Internet Explorer 7 Downloads" and appear to come from admin@microsoft.com. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe.
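Because the message carries a link rather than an attachment, an attachment scanner sees nothing to inspect. The sketch below is an added example, not code from the article or from any vendor named in it: it parses a constructed message modelled on the description above and reports image links whose target is an executable. The URL host, the recipient address and the extension list are assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".cmd")  # assumed list

# Constructed sample; host and recipient are placeholders, not real indicators.
SAMPLE = """\
From: admin@microsoft.com
To: user@example.org
Subject: Internet Explorer 7 Downloads
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://download.example.invalid/IE%207.exe"><img src="http://download.example.invalid/ie7.gif" alt="IE 7 beta 2"></a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect each anchor's href and whether the anchor wraps an image."""
    def __init__(self):
        super().__init__()
        self.links = []    # entries are [href, wraps_image]
        self._open = None  # anchor currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", False]
            self.links.append(self._open)
        elif tag == "img" and self._open is not None:
            self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def scan_message(raw):
    """Return attachment names and links that point at executable files."""
    msg = email.message_from_string(raw, policy=policy.default)
    attachments = [part.get_filename() for part in msg.iter_attachments()]
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    if body is not None:
        collector.feed(body.get_content())
    findings = [{"url": href, "image_link": wraps_image}
                for href, wraps_image in collector.links
                # Decode %20 etc. so "IE%207.exe" is matched as "ie 7.exe".
                if unquote(urlparse(href).path).lower().endswith(EXECUTABLE_EXTENSIONS)]
    return {"attachments": attachments, "executable_links": findings}
```

For the constructed sample, the attachment list is empty while one executable link wrapped in an image is reported, which is the gap between attachment filtering and link inspection.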

The file is actually a new virus called Virus.Win32.Grum.A, and security experts were still analyzing it Friday to see what it does. Sophos PLC said it can spread by e-mailing itself to contacts in a user's address book. The virus tampers with registry files to ensure it gets installed, and it tries to download additional files from the Internet, said Graham Cluley, a senior technology consultant for Sophos.

Other specifics were not yet known, but such viruses often install a keystroke logger to steal personal information, and establish a network of infected computers to launch a denial of service attack, Cluley said.

"We don't know anything yet about where it is coming from," Hypponen said. "It's fairly well made and hard to analyze with normal tools."

F-Secure had received many reports of the e-mail but few submissions of the virus itself, indicating that damage so far is limited. Cluley agreed: "I wouldn't classify this as one of the biggest viruses of the year, but that doesn't mean it isn't a threat," he said.

Detection of Win32.Grum by antivirus programs was "mediocre" on Thursday evening, according to Sunbelt Software Inc., and some big vendors were still not picking it up Friday morning, Hypponen said.

F-Secure and Sophos are blocking the virus and all major vendors are likely to do so soon, he said. Some e-mail filtering systems were also not blocking the virus on Friday morning.


Comments (5)

new virus
By Anonymous on March 30, 2008, 10:24 pm
I have the IE 7 virus right now in my laptop. McAfee is doing nothing to remove it. I am stuck; there is nothing I can do.

Microsoft IE7
By GDoC63 on April 2, 2007, 11:12 pm
This is not a discussion about IE7, but about phishing utilizing E-Mail. Your perspective of something "Killing" a PC is less than the "user permissions" that have...

Microsoft IE7
By Jack0c on April 2, 2007, 12:21 pm
I thought IE7 was the virus. It has killed quite a few PCs!

Two hits on this Thursday
By GDoC63 on March 31, 2007, 6:58 pm
I got two hits on the IE7.0 Beta 2 in my inbox as of Thursday. I forwarded the message to abuse@microsoft.com as well as to the carriers for the two servers listed...
