Comments on: Today’s Other Malware Threat: IE7.0.exe http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/ A weblog dedicated to educating the community on security threats that matter Wed, 10 Mar 2010 17:00:15 -0500 http://wordpress.org/?v=abc hourly 1 By: » Trojan masquerades as IE 7 downloads | Zero Day | ZDNet.com http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-21249 » Trojan masquerades as IE 7 downloads | Zero Day | ZDNet.com Tue, 22 May 2007 22:34:06 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-21249 [...] A copy of this spam that landed in my GMail inbox arrived from "admin@microsoft.com" with the subject line "Internet Explorer 7 Downloads."  Anti-virus vendors tracking the threat say the sender address and download locations are constantly changing as this spam run picks up steam. As fast as these domains appear, get spammed, and get killed, they re-appear. If you run a network stream, you can easily look for “/IE7.0.exe” with a tool like ngrep or flowgrep and look at the download sites. This one is aggressive and is going to get a lot of play. AV detection was poor earlier in the day, and it’s not much better. Names like Agent.CL and Grum are being used, but even 12 hours later the detection for it is pretty weak. It’s got an unrecognized packer and some methods that seem uncommon. [...] [...] A copy of this spam that landed in my GMail inbox arrived from "admin@microsoft.com" with the subject line "Internet Explorer 7 Downloads."  Anti-virus vendors tracking the threat say the sender address and download locations are constantly changing as this spam run picks up steam. As fast as these domains appear, get spammed, and get killed, they re-appear. If you run a network stream, you can easily look for “/IE7.0.exe” with a tool like ngrep or flowgrep and look at the download sites. This one is aggressive and is going to get a lot of play. AV detection was poor earlier in the day, and it’s not much better. Names like Agent.CL and Grum are being used, but even 12 hours later the detection for it is pretty weak. It’s got an unrecognized packer and some methods that seem uncommon. [...]

]]> By: Free AntiRootkit Software · Security to the Core | Arbor Networks Security Blog http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-11920 Free AntiRootkit Software · Security to the Core | Arbor Networks Security Blog Wed, 04 Apr 2007 14:21:48 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-11920 [...] As a complement to a recent post I made here with a list of free online AV scanners, I’d like to share with you a list of free AntiRootkit software for your PC. Especially in light of this past week’s ANI-related malware spate and the new Grum Trojan, you should make sure that you’re always on the lookout for threats. In the past few weeks we’ve seen even more malware that was simply not detected by AV. [...] [...] As a complement to a recent post I made here with a list of free online AV scanners, I’d like to share with you a list of free AntiRootkit software for your PC. Especially in light of this past week’s ANI-related malware spate and the new Grum Trojan, you should make sure that you’re always on the lookout for threats. In the past few weeks we’ve seen even more malware that was simply not detected by AV. [...]

]]> By: Best Posts from around the Web » Today’s Other Malware Threat: IE7.0.exe http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-11427 Best Posts from around the Web » Today’s Other Malware Threat: IE7.0.exe Mon, 02 Apr 2007 18:04:17 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-11427 [...] Original post by Jose Nazario [...] [...] Original post by Jose Nazario [...]

]]> By: TRaef06 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-11047 TRaef06 Sun, 01 Apr 2007 09:52:06 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-11047 Another case where relying on anti-virus signatures leaves you vulnerable. Defense in depth is the way to go. If your SPAM filters don't block it, which they should, then blocking executable downloads unless from a verified site, will keep this out - long before the anti-virus companies have created their signatures. Same thing with the Storm situation earlier in the year (2007). Another case where relying on anti-virus signatures leaves you vulnerable.

Defense in depth is the way to go. If your SPAM filters don’t block it, which they should, then blocking executable downloads unless from a verified site, will keep this out – long before the anti-virus companies have created their signatures. Same thing with the Storm situation earlier in the year (2007).

]]> By: The Grum Trojan Tips Dr.com http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-10729 The Grum Trojan Tips Dr.com Fri, 30 Mar 2007 21:10:51 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-10729 [...] abnoba.net 66.98.149.237 cincinnatifeet.com cyberbutt.com gc-music.com arrestingphotography.com kcmancandy.com manualshop.com.ar monella.net tvz-archive.com nottyweb.com Source: Today’s Other Malware Threat: IE7.0.exe [...] [...] abnoba.net 66.98.149.237 cincinnatifeet.com cyberbutt.com gc-music.com arrestingphotography.com kcmancandy.com manualshop.com.ar monella.net tvz-archive.com nottyweb.com Source: Today’s Other Malware Threat: IE7.0.exe [...]

]]> By: Anonymous http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-10710 Anonymous Fri, 30 Mar 2007 19:32:48 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-10710 <strong>Todays Other Malware Threat: IE7.0.exe...</strong> Lest you think that the ANI thing was the only thing going on today, youd miss the other part of todays entertainment. Theres a new Trojan spam going around trying to entice you to download MSFT IE7.0 Beta 2 (never mind that its been released). This is... Todays Other Malware Threat: IE7.0.exe…

Lest you think that the ANI thing was the only thing going on today, youd miss the other part of todays entertainment. Theres a new Trojan spam going around trying to entice you to download MSFT IE7.0 Beta 2 (never mind that its been released). This is…

]]> By: beforeyoukillyourcomputer.com » Blog Archive » IE7 Trojan on the loose http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-10676 beforeyoukillyourcomputer.com » Blog Archive » IE7 Trojan on the loose Fri, 30 Mar 2007 16:36:44 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-10676 [...] Source [...] [...] Source [...]

]]> By: zuneone http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-10638 zuneone Fri, 30 Mar 2007 14:19:56 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-10638 I got two of those e-mails and deleted them. Easy to spot as spam visually but they were not blocked by my filter. Good thing I already use IE7! I got two of those e-mails and deleted them. Easy to spot as spam visually but they were not blocked by my filter. Good thing I already use IE7!

]]> By: BTT | Blog The Tech » Blog Archive » Today's Other Malware Threat: IE7.0.exe (Jose Nazario/Security to the Core) http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-10636 BTT | Blog The Tech » Blog Archive » Today's Other Malware Threat: IE7.0.exe (Jose Nazario/Security to the Core) Fri, 30 Mar 2007 14:16:22 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-10636 [...] Today’s Other Malware Threat: IE7.0.exe  —  Lest you think that the ANI thing was the only thing going on today, you’d miss the other part of today’s entertainment.  There’s a new Trojan spam going around trying to entice you to download MSFT IE7.0 Beta 2 (never mind that it’s been released). Source:   Security to the Core | Arbor Networks Security Blog Author:   Jose Nazario Link:   http://asert.arbornetworks.com/2007/03/todays-other… Techmeme permalink [...] [...] Today’s Other Malware Threat: IE7.0.exe  —  Lest you think that the ANI thing was the only thing going on today, you’d miss the other part of today’s entertainment.  There’s a new Trojan spam going around trying to entice you to download MSFT IE7.0 Beta 2 (never mind that it’s been released). Source:   Security to the Core | Arbor Networks Security Blog Author:   Jose Nazario Link:   http://asert.arbornetworks.com/2007/03/todays-other&hellip; Techmeme permalink [...]

]]> By: Liquidmatrix Security Digest » Your March 30th Morning Coffee http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-10632 Liquidmatrix Security Digest » Your March 30th Morning Coffee Fri, 30 Mar 2007 13:54:17 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-10632 [...] Today’s Other Malware Threat: IE7.0.exe [...] [...] Today’s Other Malware Threat: IE7.0.exe [...]

]]>