Fake IE7 Downloads Advertised Via EMail

| | Comments (3)
There seem to be quite a few of these in circulation over the past day or so:

Download the latest version! <URL Removed>

About this mailing:
You are receiving this e-mail because you subscribed to
MSN Featured Offers. Microsoft respects your privacy.
If you do not wish to receive this MSN Featured Offers e-mail,
please click the "Unsubscribe" link below. This will not
unsubscribe you from e-mail communications from third-party
advertisers that may appear in MSN Feature Offers.
This shall not constitute an offer by MSN. MSN shall
not be responsible or liable for the advertisers' content
nor any of the goods or service advertised. Prices and item
availability subject to change without notice.

2008 Microsoft | Unsubscribe <http://www.msn.com>  |
More Newsletters <http://www.msn.com>  |
Privacy <http://www.msn.com>

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

As you might have guessed, it's fake. Microsoft don't send out EMails asking you to download files from random, non-Microsoft websites. This:


....is not what it appears to be. Run the file, and instead of IE7, you're actually more likely to see a fake antivirus program appear on your desktop:


Click to Enlarge

By the time you see this, its probably too late.  This threat also i known to send the user fake infected alerts to provoke the victim into buying the product.  It also utilizes the Sysinterals fake Blue Screen of Death Screen Saver to scare the victim.  As you can see below, there have been several options taken out of the desktop properties window to hinder users from restoring the default settings.


This particular product is detected by us as Fake.AV, and is also being pushed quite heavily via the recent CNN videos scam. You can see another example of these emails here. There is more than one URL being used for this attack, so be alert!

Additional Research: Chris Mannon, Senior Threat Researcher


I see this problem so often on PCs I fix - thankyou for bringing it to light. The more information we can get out about fake AV spyware the better!

The link provided by Bruno looks suspicious. Be careful.

Hi Cristopher,

We must be carefull in using pc and internet right now, cause too many uncivilized and irresponsible people still roaming inside in the internet world.

Today all sorts of internet disease we faced it - spyware, adware, malware, software and do not know anything ware again will attack us in the future.

J.M.John, New York

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on August 7, 2008 3:56 PM.

Strange Digg.com Spamming was the previous entry in this blog.

Strange Russian Spam is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.