We've received a number of reports of spam appearing to come from "admin@microsoft.com" containing a link to a file called IE7.0.exe .

This is what VirusTotal has to say about it:

Antivirus	Version	Update	Result
AhnLab-V3	2007.3.30.0	20070329	-
AntiVir	7.3.1.46	20070329	TR/Proxy.Agent.CL
Authentium	4.93.8	20070329	-
Avast	4.7.936.0	20070329	-
AVG	7.5.0.447	20070329	-
BitDefender	7.2	20070329	-
CAT-QuickHeal	9.00	20070329	(Suspicious) - DNAScan
ClamAV	devel-20070312	20070329	-
DrWeb	4.33	20070329	-
eSafe	7.0.15.0	20070329	-
eTrust-Vet	30.6.3522	20070329	-
Ewido	4.0	20070329	-
F-Prot	4.3.1.45	20070328	-
F-Secure	6.70.13030.0	20070329	Virus.Win32.Grum.a
FileAdvisor	1	20070330	-
Fortinet	2.85.0.0	20070329	suspicious
Ikarus	T3.1.1.3	20070329	-
Kaspersky	4.0.2.24	20070329	Virus.Win32.Grum.a
McAfee	4995	20070329	-
Microsoft	1.2306	20070329	-
NOD32v2	2154	20070329	-
Norman	5.80.02	20070329	-
Panda	9.0.0.4	20070329	Suspicious file
Prevx1	V2	20070330	Covert.Sys.Exec
	Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=c9a385855469
Sophos	4.16.0	20070329	-
Sunbelt	2.2.907.0	20070329	VIPRE.Suspicious
	Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Symantec	10	20070330	Trojan Horse
TheHacker	6.1.6.080	20070323	-
UNA	1.83	20070316	-
VBA32	3.11.3	20070329	suspected of Trojan-PSW.Pinch.1 (paranoid heuristics)
VirusBuster	4.3.7:9	20070329	-
Webwasher-Gateway	6.0.1	20070329	Trojan.Proxy.Agent.CL

File:

Name	IE7.0.exe
Size	33280
md5	8e12a8281a6c6ebdbd75c26a93e69437
sha1	de94c34d51e8c04df174e27bc04eed134aca57d7
Date scanned	03/30/2007 00:22:04 (CET)

Norman Sandbox doesn't detect it and it seems to not want to run in certain virtual machines either.

Check your logs on proxy servers etc. for IE7.0.exe, it's being hosted in multiple places around the world.

Thanks to Dan, Brian, Sean, Richard and many other readers.

--
Swa Frantzen --- NET2S