Trojan masquerades as IE 7 downloads


Spammers are using fake Internet Explorer 7 (Beta 2) downloads to lure Windows users into downloading a nasty backdoor Trojan.

The fake downloads are part of a massive spam run that includes an official-looking graphic (see image below) linked to Web sites that auto-launch an executable named "ie7.exe."

A copy of this spam that landed in my Gmail inbox arrived from "admin@microsoft.com" with the subject line "Internet Explorer 7 Downloads." Anti-virus vendors tracking the threat say the sender address and download locations are constantly changing as this spam run picks up steam.

As fast as these domains appear, get spammed, and get killed, they re-appear. If you run a network stream, you can easily look for “/IE7.0.exe” with a tool like ngrep or flowgrep and look at the download sites. This one is aggressive and is going to get a lot of play. AV detection was poor earlier in the day, and it’s not much better. Names like Agent.CL and Grum are being used, but even 12 hours later the detection for it is pretty weak. It’s got an unrecognized packer and some methods that seem uncommon.
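The network-side check described above can also be run offline against captured HTTP request payloads. This is an added example, not code from the article or from the tools it names; the sample payloads and `.example` hosts are constructed, and the helper names `lure_request` and `download_sites` are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# File names taken from the article; matching is case-insensitive.
LURE_NAMES = {"ie7.0.exe", "ie7.exe"}

REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST) (\S+) HTTP/1\.[01]\r?$", re.M)
HOST_HEADER = re.compile(rb"^Host:[ \t]*(\S+)\r?$", re.M | re.I)

def lure_request(payload: bytes):
    """Return (host, path) if the HTTP request fetches a lure file, else None."""
    m = REQUEST_LINE.search(payload)
    if not m:
        return None
    target = urlsplit(m.group(2).decode("latin-1"))
    path = unquote(target.path)  # also catches percent-encoded file names
    if path.rsplit("/", 1)[-1].lower() not in LURE_NAMES:
        return None
    h = HOST_HEADER.search(payload)
    # Proxy-style requests carry the host in the request target itself.
    host = target.hostname or (h.group(1).decode("latin-1").lower() if h else "?")
    return host, path

def download_sites(payloads):
    """Count lure downloads per serving host across captured request payloads."""
    return Counter(hit[0] for hit in map(lure_request, payloads) if hit)

# Constructed sample payloads (hosts use the reserved .example TLD).
SAMPLE = [
    b"GET /IE7.0.exe HTTP/1.1\r\nHost: updates-a.example\r\n\r\n",
    b"GET /dl/ie7.EXE?src=mail HTTP/1.1\r\nHost: Updates-A.example\r\n\r\n",
    b"GET http://updates-b.example/%49E7.0.exe HTTP/1.0\r\n\r\n",
    b"GET /ie7/readme.html HTTP/1.1\r\nHost: www.example\r\n\r\n",
    b"GET /tools/notie7.exe HTTP/1.1\r\nHost: www.example\r\n\r\n",
]

if __name__ == "__main__":
    for host, n in download_sites(SAMPLE).most_common():
        print(f"{n:3d}  {host}")
```

Because the download hosts rotate quickly, keying on the requested file name rather than on a domain blocklist keeps the check useful as new sites appear.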

 

Fake IE 7 download graphic

Topics: Security, Browser, Microsoft

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
