I reported a few weeks ago on a new variant of a worm that had surfaced in the wild as an add-on or BETA update of Microsoft Internet Explorer 7, which, as we all know, is now the final product.
This worm or malware is making the rounds by e-mail again, containing the following URL:
hxxp://alimov.net/images/2.jpg
Please be advised: do not click this URL if you receive it by mail.
The mail would look something like this:
Characteristics:
From: admin@microsoft.com
Subject: Internet Explorer 7.0 Beta
URL:
It is hereby advised to filter e-mails received from admin@microsoft.com, as this address has been used in the past.
update.exe itself is a downloader which will install a second-stage binary upon execution.
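
The filtering advice above, sketched as an added example (not code from the original post): a Python check that scores a raw message on the three traits listed here, the admin@microsoft.com sender, the "Internet Explorer 7.0 Beta" subject, and a link to an .exe file. The quarantine policy, the function names and the sample messages (on example.test) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

SPOOFED_SENDER = "admin@microsoft.com"        # sender named in the advisory
LURE_SUBJECT = "internet explorer 7.0 beta"   # subject named in the advisory
# Any http(s) link ending in .exe (the advisory's lure links end in update.exe)
EXE_LINK = re.compile(r"https?://[^\s\"'<>]+\.exe\b", re.IGNORECASE)

def body_text(msg):
    """Concatenate all text/* parts, undoing base64/quoted-printable encoding."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def score_message(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message string."""
    msg = message_from_string(raw)
    reasons = []
    if parseaddr(msg.get("From", ""))[1].lower() == SPOOFED_SENDER:
        reasons.append("sender")
    if LURE_SUBJECT in msg.get("Subject", "").lower():
        reasons.append("subject")
    if EXE_LINK.search(body_text(msg)):
        reasons.append("exe-link")
    # Assumed policy: quarantine on the sender alone (as advised) or on any two
    # traits, so a lure sent from a different From address is still caught.
    if "sender" in reasons or len(reasons) >= 2:
        return "quarantine", reasons
    return ("review" if reasons else "deliver"), reasons

SAMPLES = {  # constructed messages, not captured mail
    "lure": "From: Microsoft <admin@microsoft.com>\nSubject: Internet Explorer 7.0 Beta\n\n"
            "Get it here: http://downloads.example.test/update.exe\n",
    "variant": "From: IE Team <updates@example.test>\nSubject: FW: Internet Explorer 7.0 Beta\n\n"
               "http://mirror.example.test/images/update.exe\n",
    "benign": "From: news@example.test\nSubject: Weekly digest\n\n"
              "http://example.test/index.html\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *score_message(raw))
```
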