IE 7 Beta Email Installs Trojan
03-30-2007
Have You Seen Me Lately?

If you see this in your email inbox just say NO! (And delete the email).
Starting around March 29, 2007, this email was spammed across the Internet, inviting the recipient to download Internet Explorer beta (testing) version 2. In fact, the link connects to a file named ie7.0.exe which, if executed, installs a trojan program on your computer.
We received a copy of this email last evening (03/29/07), captured the trojan file using a Linux machine and sent a copy to Sunbelt Software’s research team.
Their blog entry regarding this trojan.
Malware Scan from VirusTotal.com
Following up to see what this little package of delight contained, I uploaded the archive containing the file IE7.0.exe to the malware testing utility at virustotal.com, with the following results. To read the results: the list shows whether a given anti-virus product identified the malware and, if so, as what. For example, the anti-virus product “BitDefender v. 7.2” (line 6 of the results) identified the malware as “Win32.Grum.A”.

Posted by mike.shafer on 03-30-2007 at 08:03 am
Posted in Current News


I just received another email like the above today and likewise downloaded the file to a Linux machine. (Note: don’t try downloading the file unless you know exactly what you’re doing.) Noting that this file was different than the first one received on March 30, I ran it through VirusTotal’s scanning engine.
Results were sufficiently similar to the above that I’m not posting them here, but I would note that at least several of the anti-virus products listed above didn’t note the file as infected.
Malware (malicious software) programmers have been using the technique of making small changes to their software, which ultimately cause signature-based anti-virus software to miss identifying the infected file as such.
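
Why a changed file slips past an exact signature while still being recognizably related can be shown from the detection side. The following is an added example, not part of the original post: it compares an exact SHA-256 match with a byte n-gram (Jaccard) similarity check. The sample data, the `first-sample` label and the 0.8 threshold are constructed assumptions, not values from the files described above.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes, n: int = 4) -> float:
    """Jaccard similarity of the two n-gram sets (0.0 disjoint, 1.0 same set)."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    union = ga | gb
    return len(ga & gb) / len(union) if union else 1.0

def classify(sample: bytes, known_bad: dict, threshold: float = 0.8):
    """Return (verdict, matched_name, score): exact hash first, then similarity."""
    digest = sha256_hex(sample)
    best_name, best = None, 0.0
    for name, ref in known_bad.items():
        if sha256_hex(ref) == digest:
            return ("exact", name, 1.0)
        score = similarity(sample, ref)
        if score > best:
            best_name, best = name, score
    if best >= threshold:
        return ("similar", best_name, best)
    return ("unknown", None, best)

def fake_bytes(seed: bytes, blocks: int = 64) -> bytes:
    """Constructed stand-in data (not a real binary): 32 * blocks bytes."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))

# Constructed samples: FIRST stands in for the first file, SECOND is the same
# data with three bytes changed, UNRELATED is different data altogether.
FIRST = fake_bytes(b"first")
tmp = bytearray(FIRST)
for offset in (100, 900, 1700):
    tmp[offset] ^= 0xFF
SECOND = bytes(tmp)
UNRELATED = fake_bytes(b"unrelated")
KNOWN_BAD = {"first-sample": FIRST}  # hypothetical label

if __name__ == "__main__":
    for label, data in (("first", FIRST), ("second", SECOND), ("unrelated", UNRELATED)):
        verdict, name, score = classify(data, KNOWN_BAD)
        print(f"{label:9} sha256={sha256_hex(data)[:16]}... {verdict:7} score={score:.3f}")
```

The three-byte change gives the second sample a completely different hash, so the exact signature misses it, while the similarity score stays close to 1.0 and still ties it to the first sample.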