Saturday, August 9, 2008

Fake IE7 Update

Recently I received several emails with subject "Internet Explorer 7", this is a fake IE7 update. When you clicked the link in this mail, it will download "update.exe" to local system, please be careful.

An email of fake IE7 update as below:

Fake IE7 update email header as below:

After clicked the links in mail, it will display as below:

After executed in VMWare, it displays an error as below:

Google Search finds nothing as below:

McAfee SiteAdvisor finds nothing as below:

Trend Micro WRS can find it as below:

finjan URL analysis finds nothing as below:

Dr.Web URL analysis can find it as below:

The following test result is from VirusTotal (Result: 32/36 (88.89%)):

File update.exe received on 08.09.2008 00:30:56 (CET)

AhnLab-V3: Win32/Zhelatin.worm.139776.QM
AntiVir: TR/Dldr.Small.aafh
Authentium: W32/Downldr2.DIFM
Avast: Win32:Trojan-gen {Other}
AVG: Downloader.Generic7.AEHX
BitDefender: Trojan.FakeAlert.YK
CAT-QuickHeal: TrojanDownloader.Small.aafh
ClamAV: Trojan.Fakealert-446
DrWeb: Trojan.Fakealert.995
eSafe: Suspicious File
eTrust-Vet: Win32/Bugnraw.CC
F-Prot: W32/Downldr2.DIFM
F-Secure: Trojan-Downloader.Win32.Small.aafh
Fortinet: W32/FakeAle.AAFH!tr.dldr
GData: Trojan-Downloader.Win32.Small.aafh
Ikarus: Trojan-Downloader.Win32.Small.aafh
Kaspersky: Trojan-Downloader.Win32.Small.aafh
McAfee: Generic FakeAlert.a
Microsoft: TrojanDownloader:Win32/Renos.DI
NOD32v2: Win32/TrojanDownloader.FakeAlert.DJ
Norman: W32/Renos.dam
Panda: Adware/Antivirus2008XP
PCTools: Trojan-Downloader.Small!sd6
Prevx1: Malicious Software
Sophos: Troj/FakeAle-EF
Sunbelt: Trojan.Unidentified.Gen.AT
Symantec: Trojan.Dropper
VBA32: Trojan-Downloader.Win32.renos.adx
ViRobot: Trojan.Win32.Downloader.139776.C
VirusBuster: Trojan.FakeAlert.FV
Webwasher-Gateway: Trojan.Dldr.Small.aafh

Additional information
MD5: 6b50dc99f2ca5e90ef6ecef9a25c6157
SHA1: 464d7f2e540eafc2162293ad11b28ba8b91dd21b
SHA256: 9083a161e7e9fb25bd99d814cfafa953881b1249ad079040c5faf158a3b7f203
SHA512: 1c70fe117fb7a757807484bad7ab7400427433e0b9e1cceb05c72b194cb22e7dc25e4b5774679c3a782ad4873fdfdc931e01e3b50f53ef65f6582aa081b50896

Related News:

Fake Microsoft Internet Explorer 7.0 Update
Fake IE 7.0 Update: Full Analysis


Anonymous said...

Anonymous said...

Search-and-destroy is one of the best options.
Search-and-destroy is one of the best options available when you are searching for protection for your computer that you can trust. I know because I have tried many different types of scans in the past and the biggest difference I have found between them is the price. I found the antispyware solution from Search-and-destroy to be a great option that is affordable and easy to use. Visit to learn more about this scan and what it can do for you. If you are like me, you will be glad that you took the time to check it out.