Fake Microsoft Internet Explorer 7.0 Update

A few minutes ago we discovered another spam campaign, this time offering an update to Microsoft Internet Explorer 7.0. What’s interesting about this particular message is that it appears to be in exactly the same format as the one used to distribute get_flash_update.exe, as seen in some attacks. The message comes from the address admin@microsoft.com, or so it appears. When you click on the link, an executable with the filename update.exe is downloaded (this is a downloader Trojan).

http://www.virustotal.com/analisis/6f6f869b1d3ea738cdc23d07bc71ee5a

File size: 139776 bytes
MD5...: 6b50dc99f2ca5e90ef6ecef9a25c6157
SHA1..: 464d7f2e540eafc2162293ad11b28ba8b91dd21b
SHA256: 9083a161e7e9fb25bd99d814cfafa953881b1249ad079040c5faf158a3b7f203
SHA512: 1c70fe117fb7a757807484bad7ab7400427433e0b9e1cceb05c72b194cb22e7dc25e4b5774679c3a782ad4873fdfdc931e01e3b50f53ef65f6582aa081b50896
PEiD..: -
PEInfo: PE Structure information( base data )
entrypointaddress.: 0x40254a
timedatestamp.....: 0x4898440b Tue Aug 05 12:14:03 2008
machinetype.......: 0x14c (I386)
( 3 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
.text  0x1000   0x33d2c  0x4a00   4.01   320f92325281cf38056300846e33e293
DATA   0x35000  0x1b020  0x1ae00  8.00   b2da8ac3f7624aaec4e58820ca98f3d1
.rsrc  0x51000  0x1000   0x600    6.54   5a86ae6138955d3b751ed9ef76093acd