Security experts have detected a malicious trojan downloader being distributed in spoofed email messages claiming to be from Microsoft.
The email appears to come from firstname.lastname@example.org, and offers a link to download Release Candidate 1 of Microsoft Internet Explorer 7.
Clicking on the link provided in the bogus email launches a maliciously crafted website that looks very similar to a legitimate Microsoft page.
However, security firm SurfControl warned that the website installs a trojan via a browser exploit targeted at Internet Explorer and effectively creates a backdoor on infected systems.
"This threat takes advantage of the release of Internet Explorer 7 Release Candidate 1 by Microsoft last week," SurfControl warned.
Spoof Microsoft IE7 emails install trojan
By Robert Jaques on Oct 19, 2006 10:01AM