Original URL: http://www.channelregister.co.uk/2006/10/18/hack_site_spoofs_ie7_download/
Hackers have created a bogus Internet Explorer 7 download site that attempts to load Trojan code onto the PCs of visiting surfers.
Traffic to the malicious website is being driven by a spoofed email message, claiming to be from support@microsoft.com, offering a link to download Release Candidate 1 (RC1) of Microsoft Internet Explorer 7.
Prospective marks visit a spoof website that looks similar to Microsoft's legitimate download page for IE 7 RC1. But instead of all that Microsoft goodness, surfers visit a site loaded with Trojan downloader codes which attempt to exploit browser vulnerabilities to download malware onto their machines.
Hackers commonly trick users into visiting malicious sites or executing malware that claims to offer the latest security fixes from Microsoft. The latest attack, reported by net security firm Surfcontrol, represents an adaptation of the technique which takes advantage of the release of IE7 RC1 by Microsoft last week.
In almost related news, a Firefox fan has registered the domain IE7.com (http://www.ie7.com), on which he's plastered the logo for the alternative browser software. This site, unlike the spoof IE7 download site, is safe to visit. ®
Malware authors subvert Windows Update (11 May 2007)
http://www.channelregister.co.uk/2007/05/11/vxers_subverts_windows_update/
Grum worm poses as IE7 beta (30 March 2007)
http://www.channelregister.co.uk/2007/03/30/grum_worm/
Attackers end-run around IE security (8 November 2006)
http://www.channelregister.co.uk/2006/11/08/ie_security_analysis/
IE7 spoofing bug pops up (26 October 2006)
http://www.channelregister.co.uk/2006/10/26/ie7_spoofing_bug/
MS and researchers split hairs over first IE7 flaw (20 October 2006)
http://www.channelregister.co.uk/2006/10/20/ie7_flaw_dispute/
Information disclosure bug blights IE7 release (19 October 2006)
http://www.channelregister.co.uk/2006/10/19/ie7_first_bug/
IE7 unleashed (19 October 2006)
http://www.channelregister.co.uk/2006/10/19/ie7_release/
Web viruses drop off despite IE exploit flap (18 October 2006)
http://www.channelregister.co.uk/2006/10/18/malware_trends_scansafe/
IE7 to debut in October (10 October 2006)
http://www.channelregister.co.uk/2006/10/10/ie7_release_latest/
Another day, another zero-day MS exploit (28 September 2006)
http://www.channelregister.co.uk/2006/09/28/0-day_powerpoint_threat/
ActiveX security faces storm before calm (2 August 2006)
http://www.channelregister.co.uk/2006/08/02/activex_security_storm/
MS releases third beta for IE7 (30 June 2006)
http://www.channelregister.co.uk/2006/06/30/ie7_beta3/
Attack code follows patch update (15 June 2006)
http://www.channelregister.co.uk/2006/06/15/patch_tuesday_virus_wednesday/
Update glitch spins out IE7 beta testers (19 December 2005)
http://www.channelregister.co.uk/2005/12/19/ie7beta_patch_glitch/
Microsoft may look again at virus notification (17 November 2005)
http://www.channelregister.co.uk/2005/11/17/ms_virus_warnings/
Trojan leaps from bogus Windows Update site (8 April 2005)
http://www.channelregister.co.uk/2005/04/08/fake_windows_update_ruse/
© Copyright 2008