This IE7 email does not download an update…

…it downloads a virus instead.
TrendLabs has received reports of a spammed email message that advises users to download an Internet Explorer 7 update. Below is the image attached in the said message:

However, once unsuspecting users click on this image, they are redirected instead to a Web site that downloads a file named IE7.0.exe. This file, while also legitimate-looking, is actually a file infector that Trend Micro detects as PE_GRUM.B-O.
Trend Micro always advises users to avoid clicking on links that come from untrusted sources. However, given this enhanced social engineering (it uses legitimate-looking IE7 images, etc.), I guess the lesson here is that while keeping one’s applications and programs updated is a good practice, users should just make sure that they go straight to the source (in this case, the Microsoft Web site), instead of someplace else. With the rise of Web-based threats that spoof even the “trusted” sites and/or organizations, [...]

Original post by Paul Oliveria and a wordpress plugin by Elliott

Related posts

• Zune receives a scathing review from the Chicago Sun-Times (0)
• ZUI and the Skype PKI (0)
• ZIP then, RAR now. What’s next? (0)
• ZERT patch (0)
• Zero-day de-mystified (0)