Virus disguised as Internet Explorer 7 download

A new virus is disguised as a test version of Microsoft's Internet Explorer 7 web browser.


Security experts have warned of a virus spread via email with the subject line "Internet Explorer 7 Downloads". The emails, which appear to come from [email protected], include a convincing graphic purporting to be from Microsoft and offer a download of a beta 2 version of IE 7 – despite the fact that the final version of the browser was released last October.

The virus is delivered through a link in the graphic rather than as an attachment. Clicking the graphic downloads an executable file called IE 7.exe, which is actually a new virus called Virus.Win32.Grum.A.

Mikko Hypponen, chief research officer at F-Secure, said: "The idea of sending a link seems to be a trend among attackers; it's still fairly new and it works much better than sending a file."

Security firm Sophos said the virus could spread by emailing itself to contacts in a user's address book. The virus tampers with registry files to ensure it gets installed, and tries to download additional files from the internet, said Graham Cluley, a senior technology consultant for Sophos.

Other specifics are still unknown, but this type of virus often installs a keystroke logger to steal personal information, and can establish a network of infected computers to launch a denial of service attack, Cluley said.

"We don't know anything yet about where it is coming from," Hypponen said. "It's fairly well made and hard to analyse with normal tools."

F-Secure had received many reports of the email but few submissions of the virus itself, indicating that damage so far is limited. Cluley agreed: "I wouldn't classify this as one of the biggest viruses of the year, but that doesn't mean it isn't a threat," he said.

The virus is being hosted on several servers around the world. They appear to be web servers that have been hacked, Hypponen said. The SANS Internet Storm Centre asked administrators to check their logs to make sure they are not hosting the file.
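One way an administrator could run the log check described above, as an added example that is not from the article, SANS or any vendor. It assumes Apache/nginx "combined" access logs and matches only on the file name IE 7.exe reported above; the sample log lines are constructed.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# File name reported in the article, lower-cased for comparison.
TARGET = "ie 7.exe"

# Assumed log format: Apache/nginx "combined". The target group tolerates raw spaces.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>[^"]*?)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /images/IE%207.exe HTTP/1.1" 200 48640 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [01/Jan/2007:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [01/Jan/2007:10:02:00 +0000] "GET /tmp/ie%25207.EXE?x=1 HTTP/1.0" 404 209 "-" "-"',
    '192.0.2.44 - - [01/Jan/2007:10:03:00 +0000] "GET /IE 7.exe HTTP/1.1" 304 - "-" "-"',
]

def decoded_basename(target):
    """Return the lower-cased, percent-decoded file name of a request target."""
    path = urlsplit(target).path
    # Decode up to three times so double-encoded names (%2520) are also caught.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return PurePosixPath(path.replace("\\", "/")).name.lower()

def find_hits(lines):
    """Yield (client, timestamp, target, status, served) for requests naming the file."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or decoded_basename(m["target"]) != TARGET:
            continue
        status = int(m["status"])
        # 2xx or 304 means this server holds the file; 404 is only a request for it.
        served = 200 <= status < 300 or status == 304
        yield m["client"], m["ts"], m["target"], status, served

if __name__ == "__main__":
    for client, ts, target, status, served in find_hits(SAMPLE_LOG):
        print(f"{'SERVED' if served else 'requested'}: {target} status={status} from {client} at {ts}")
```

A "SERVED" hit means the file exists under the web root and the host should be treated as compromised; a "requested" hit with a 404 only shows that someone asked for it.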

The virus affects only Windows users. "Microsoft is aware of this issue and is currently investigating this matter, including customer impact," a spokesperson for the software giant said.
