
'IE 7.0 beta 2' download virus hits inboxes

Virus disguised as Internet Explorer 7.0 update

A virus is doing the rounds disguised as a test version of Microsoft's current web browser Internet Explorer 7.0. If you get an email offering a download of IE 7.0 Beta 2, delete it.

The final version of IE 7.0 was released only last October, so Microsoft is unlikely to be advertising a beta of the product. Users can download a real version of the software at Microsoft's Internet Explorer home page.

No widespread damage from the virus was reported this morning, but experts say it is notable for two reasons. The email includes a convincing graphic that looks like it really could be from Microsoft, and the virus is delivered when users click on a link rather than in an attachment. This makes it harder to filter it out before it reaches inboxes.

"The idea of sending a link seems to be a trend among attackers; it's still fairly new and it works much better than sending a file," said Mikko Hypponen, chief research officer at F-Secure Corp.

The email messages are titled "Internet Explorer 7 Downloads" and appear to come from [email protected]. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe.

The file is actually a virus - Virus.Win32.Grum.A.


Sophos PLC said it can spread by emailing itself to contacts in a user's address book. The virus tampers with registry files to ensure it gets installed and it tries to download additional files from the Internet, said Graham Cluley, a senior technology consultant for Sophos.

Other specifics are unknown as yet, but such viruses often install a keystroke logger to steal personal information. They can also establish a network of infected computers to launch a denial of service attack, Cluley said.

"We don't know anything yet about where it is coming from," Hypponen said. "It's fairly well made and hard to analyse with normal tools."

F-Secure had received many reports of the email but few submissions of the virus itself, indicating that damage so far is limited.

Cluley agreed: "I wouldn't classify this as one of the biggest viruses of the year, but that doesn't mean it isn't a threat," he said.

Detection of Win32.Grum by antivirus programs was "mediocre" on Thursday evening, according to Sunbelt Software. Some big vendors were still not picking it up Friday morning, Hypponen said.

F-Secure and Sophos are blocking the virus and all major vendors are likely to do so soon, he said. Some email-filtering systems were also not blocking the virus on Friday morning.

The virus is being hosted on several servers around the world, which will increase the time it takes to identify and clean them all. They appear to be web servers that have been hacked, Hypponen said. The SANS Internet Storm Center asked administrators to check their logs to make sure they are not hosting the file.
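One way an administrator could run the log check the SANS Internet Storm Center asked for, as an added example that is not part of the original article or of any SANS guidance. It assumes Apache/nginx "combined" access logs and matches on the file name IE 7.exe reported above; the sample log lines, addresses, dates and paths are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# File name reported in the article; compared case-insensitively after URL-decoding.
SUSPECT_NAME = "ie 7.exe"

# Assumed log layout: host ident user [time] "METHOD target HTTP/x.y" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2000:09:12:01 +0000] "GET /images/IE%207.exe HTTP/1.1" 200 23040 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [01/Jan/2000:09:13:44 +0000] "GET /IE%207.exe HTTP/1.1" 404 209 "-" "Mozilla/4.0"',
    '192.0.2.9 - - [01/Jan/2000:09:15:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [01/Jan/2000:09:16:02 +0000] "GET /tmp/ie%207.EXE?x=1 HTTP/1.0" 200 23040 "-" "-"',
]

def find_hosted_hits(lines):
    """Return (time, client, path, status) for requests where the file was served."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Drop any query string, then decode %20 so "IE%207.exe" becomes "IE 7.exe".
        path = unquote(urlsplit(m["target"]).path)
        basename = path.rsplit("/", 1)[-1].lower()
        if basename != SUSPECT_NAME:
            continue
        # 200/206 means the file exists on this server; a 404 is only a request for it.
        if m["status"] in ("200", "206"):
            hits.append((m["time"], m["host"], path, m["status"]))
    return hits

if __name__ == "__main__":
    for when, client, path, status in find_hosted_hits(SAMPLE):
        print(f"{when}  {client}  {status}  {path}")
```

A hit means the server delivered a file with that name, so the next step is to inspect the path on disk and how the file got there.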

The virus affects only Windows users. "Microsoft is aware of this issue and is currently investigating this matter, including customer impact," a spokeswoman said via email.

