No. 1 Story

HP job cuts loom for Australian employees

A number of Australian employees of Hewlett-Packard are facing the loss of their jobs as the global computer giant looks to slash its worldwide workforce by up to 30,000.

read more

Related Articles

Adoption of cloud computing has reached a tipping point  - but don’t expect legacy...
In yet another blow to the Facebook IPO this week, following the withdrawal of...
Recruitment technology and social media have played a significant role in growing business in...
US researchers have found strong correlation between the increased incidence of sexually transmitted disease...
A new service pack for AVG's consumer security products adds and active Do Not...

Worm poses as Internet Explorer 7 beta download

Your IT - Home IT

A convincing email supposedly from Microsoft, inviting users to download a beta version Internet Explorer 7.0, actually links to a worm, warns security research Sophos.

The email claims to come from This e-mail address is being protected from spambots. You need JavaScript enabled to view it and has the subject line "Internet Explorer 7 Downloads". Rather than containing an infected attachment, the email contains an image linking to a file called ie7.0.exe which is infected by the W32/Grum-A worm.

"Worms like this are only succeeding in spreading because so many people have still not learnt to be suspicious of unsolicited emails, even if they claim to come from well-known companies like Microsoft," said Graham Cluley, senior technology consultant for Sophos.

"The problem is that to the casual observer the email looks genuine, and the image displayed looks near-identical to the imagery that Microsoft is using on its website to promote Internet Explorer 7.0. Clicking on the image, however, doesn't download the real beta - but malicious code straight from the hackers."

The Grum worm is an appender virus which infects executable files referenced by Run keys in the Windows Registry. When run it copies itself to <Temp>\winlogon.exe and makes changes to the Registry. It also edits the HOSTS file, injecting a thread into system.dll and attempts to patch the system files ntdll.dll and kernel32.dll.

Sophos experts note that this isn't the first time that malware has posed as a download from Microsoft.

"There have been many occasions when virus writers have coded attacks that have presented themselves as communications from Microsoft," Cluley says. "For instance, in 2003 the Gibe-F worm (also known as Swen) posed as a critical security update from the software giant, and two years ago hackers directed internet users to a bogus website masquerading as Microsoft's update page."