
SANS ISC: More IE7 Beta spam/malware SANS ISC InfoSec Forums

More IE7 Beta spam/malware
A new wave of "Internet Explorer 7.0 Beta" spam is currently being reported. All messages link to an "update.exe" file, which is hosted at various URLs. The e-mail adopts spam techniques by "hiding" the image link among chunks of text copied from web sites.

Subject: Internet Explorer 7.0 Beta

We have seen these so far (but there are likely many more):

It doesn't look like a feasible idea to block all these sites. However, you probably should filter e-mail from '' (that particular "From" address has been used in the past).

update.exe itself is a downloader which will install a second stage binary upon execution.
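Because the hosts change faster than a blocklist can follow, a mail filter can key on what stays constant in the reports above: the subject line and the update.exe file name. The Python below is an added example, not code from the diary; the function name, the regular expression and the sample message with its example.test hosts are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

SUBJECT = "internet explorer 7.0 beta"  # subject line reported in the diary
PAYLOAD_NAME = "update.exe"             # file name every reported link used
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def suspicious_links(raw_message: bytes) -> list:
    """Return links to update.exe found in a message with the campaign subject."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    if SUBJECT not in (msg["Subject"] or "").lower():
        return []
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # get_content() decodes base64 / quoted-printable bodies for us,
        # so links hidden behind a transfer encoding are still seen.
        for url in URL_RE.findall(part.get_content()):
            # Compare the file name, not the host: the hosts keep changing.
            name = urlsplit(url).path.rsplit("/", 1)[-1].lower()
            if name == PAYLOAD_NAME:
                hits.append(url)
    return hits


# Constructed sample; example.test hosts are placeholders, not from the diary.
SAMPLE = (
    b"From: sender@example.test\r\n"
    b"Subject: Internet Explorer 7.0 Beta\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<p>filler text copied from a news site</p>\r\n"
    b'<a href="http://downloads.example.test/images/update.exe">'
    b'<img src="http://img.example.test/banner.gif"></a>\r\n'
    b"<p>more filler text</p>\r\n"
)

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

Matching on the file name will miss the campaign as soon as the payload is renamed, so treat it as a supplement to the sender filter mentioned above.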


ISC Handler
May 7th 2007
