Comments on: Today’s Other Malware Threat: IE7.0.exe http://ddos.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/ A weblog dedicated to educating the community on security threats that matter Sun, 29 Jan 2012 02:23:23 +0000 hourly 1 http://wordpress.org/?v= By: » Trojan masquerades as IE 7 downloads | Zero Day | ZDNet.com http://ddos.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-21249 » Trojan masquerades as IE 7 downloads | Zero Day | ZDNet.com Tue, 22 May 2007 22:34:06 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-21249 [...] A copy of this spam that landed in my GMail inbox arrived from "admin@microsoft.com" with the subject line "Internet Explorer 7 Downloads."  Anti-virus vendors tracking the threat say the sender address and download locations are constantly changing as this spam run picks up steam. As fast as these domains appear, get spammed, and get killed, they re-appear. If you run a network stream, you can easily look for “/IE7.0.exe” with a tool like ngrep or flowgrep and look at the download sites. This one is aggressive and is going to get a lot of play. AV detection was poor earlier in the day, and it’s not much better. Names like Agent.CL and Grum are being used, but even 12 hours later the detection for it is pretty weak. It’s got an unrecognized packer and some methods that seem uncommon. [...] [...] A copy of this spam that landed in my GMail inbox arrived from "admin@microsoft.com" with the subject line "Internet Explorer 7 Downloads."  Anti-virus vendors tracking the threat say the sender address and download locations are constantly changing as this spam run picks up steam. As fast as these domains appear, get spammed, and get killed, they re-appear. If you run a network stream, you can easily look for “/IE7.0.exe” with a tool like ngrep or flowgrep and look at the download sites. This one is aggressive and is going to get a lot of play. AV detection was poor earlier in the day, and it’s not much better. Names like Agent.CL and Grum are being used, but even 12 hours later the detection for it is pretty weak. It’s got an unrecognized packer and some methods that seem uncommon. [...]

]]> By: Free AntiRootkit Software · Security to the Core | Arbor Networks Security Blog http://ddos.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-11920 Free AntiRootkit Software · Security to the Core | Arbor Networks Security Blog Wed, 04 Apr 2007 14:21:48 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-11920 [...] As a complement to a recent post I made here with a list of free online AV scanners, I’d like to share with you a list of free AntiRootkit software for your PC. Especially in light of this past week’s ANI-related malware spate and the new Grum Trojan, you should make sure that you’re always on the lookout for threats. In the past few weeks we’ve seen even more malware that was simply not detected by AV. [...] [...] As a complement to a recent post I made here with a list of free online AV scanners, I’d like to share with you a list of free AntiRootkit software for your PC. Especially in light of this past week’s ANI-related malware spate and the new Grum Trojan, you should make sure that you’re always on the lookout for threats. In the past few weeks we’ve seen even more malware that was simply not detected by AV. [...]

]]> By: Best Posts from around the Web » Today’s Other Malware Threat: IE7.0.exe http://ddos.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-11427 Best Posts from around the Web » Today’s Other Malware Threat: IE7.0.exe Mon, 02 Apr 2007 18:04:17 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-11427 [...] Original post by Jose Nazario [...] [...] Original post by Jose Nazario [...]

]]> By: TRaef06 http://ddos.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-11047 TRaef06 Sun, 01 Apr 2007 09:52:06 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-11047 Another case where relying on anti-virus signatures leaves you vulnerable. Defense in depth is the way to go. If your SPAM filters don't block it, which they should, then blocking executable downloads unless from a verified site, will keep this out - long before the anti-virus companies have created their signatures. Same thing with the Storm situation earlier in the year (2007). Another case where relying on anti-virus signatures leaves you vulnerable.

Defense in depth is the way to go. If your SPAM filters don’t block it, which they should, then blocking executable downloads unless from a verified site, will keep this out – long before the anti-virus companies have created their signatures. Same thing with the Storm situation earlier in the year (2007).

]]> By: The Grum Trojan Tips Dr.com http://ddos.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/comment-page-1/#comment-10729 The Grum Trojan Tips Dr.com Fri, 30 Mar 2007 21:10:51 +0000 http://asert.arbornetworks.com/2007/03/todays-other-malware-threat-ie70exe/#comment-10729 [...] abnoba.net 66.98.149.237 cincinnatifeet.com cyberbutt.com gc-music.com arrestingphotography.com kcmancandy.com manualshop.com.ar monella.net tvz-archive.com nottyweb.com Source: Today’s Other Malware Threat: IE7.0.exe [...] [...] abnoba.net 66.98.149.237 cincinnatifeet.com cyberbutt.com gc-music.com arrestingphotography.com kcmancandy.com manualshop.com.ar monella.net tvz-archive.com nottyweb.com Source: Today’s Other Malware Threat: IE7.0.exe [...]

]]>