A new spam run is attempting to infect users with a phony copy of Internet Explorer 7 (IE7).
The spam messages are simply titled 'Internet Explorer 7' and claim to be from Microsoft Feature Offers, a service supposedly from Microsoft.
The spam message contains no explanation other than a link reading "download the latest version!" and an "about this mailing" paragraph describing the so-called Microsoft service.
Upon clicking the download link, the user is directed to a fake browser page, which attempts to download a 136KB file known simply as 'update.exe'. The executable file in turn infects the user's machine and downloads malware.
The same Microsoft Feature Offers spam tactic was used last month in an attack that sought to install malware disguised as nude photos of actress Angelina Jolie.
The practice of disguising malware as legitimate software downloads has been popular elsewhere of late. Last week, Adobe issued an alert over a malware attack masquerading as a download page and installer for its popular Flash browser plug-in.
Both vnunet.com and Microsoft have sites where users can safely download IE7. The company also offers the browser through its built-in update service for Windows.
Fake IE7 attack surfaces
By
Shaun Nichols
on Aug 12, 2008 4:01PM
