Worm Attack Masquerades As IE7 Download Offer - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Worm Attack Masquerades As IE7 Download Offer

E-mails display an image that invites users to download a beta of a new version of Internet Explorer 7, but instead they are hit with the Grum-A worm.

A security company issued a warning Friday about a widespread attack that's masquerading as an offer from Microsoft to download a version of Internet Explorer 7.

The e-mails, which claim to come from [email protected] and have the subject line "Internet Explorer 7 Downloads," display an image that invites users to download beta 2 of Internet Explorer 7, according to an advisory from Sophos, a security company. Users who make the mistake of clicking on the link in the message, though, instead are infected by the W32/Grum-A worm.

"Worms like this are only succeeding in spreading because so many people have still not learned to be suspicious of unsolicited e-mails, even if they claim to come from well-known companies like Microsoft," said Graham Cluley, senior technology consultant for Sophos, in a written statement. "The problem is that to the casual observer the e-mail looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its Web site to promote Internet Explorer 7.0. Clicking on the image, however, doesn't download the real beta, but malicious code straight from the hackers."

The Grum worm is an appender virus that infects executable files referenced by Run keys in the Windows Registry. When activated, it copies itself to \winlogon.exe and makes changes to the Registry. It also edits the HOSTS file, injecting a thread into system.dll and attempts to patch two system files.

Cluley noted in the advisory that it's an old trick for hackers to mask their attacks as communications from Microsoft. In 2003, the Gibe-F worm, which also was known as Swen, was disguised as a critical Microsoft security update, and in 2005, hackers directed duped users to a bogus and malicious Web site masquerading as a Microsoft update page.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Commentary
Is Cloud Migration a Path to Carbon Footprint Reduction?
Joao-Pierre S. Ruth, Senior Writer,  10/5/2020
News
IT Spending, Priorities, Projects: What's Ahead in 2021
Jessica Davis, Senior Editor, Enterprise Apps,  10/2/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Slideshows
Flash Poll