
SPAM ALERT:

Spoofed email messages from admin@microsoft.com
** Posted on April 2nd, 2007 **

Summary: Spoofed e-mail messages from "admin@microsoft.com" contain a malicious payload.

NOTE: This alert is pertinent only for PC users running Microsoft Windows.

USAO Information Services has received numerous reports from members of the USAO campus community of e-mails that appear to come from admin@microsoft.com and contain links to download the beta 2 version of Microsoft Internet Explorer 7 (file name: IE7.0.exe). The e-mails carry the subject "Internet Explorer 7 Downloads."

These e-mails are NOT from Microsoft.
These messages and their payload should be treated as malicious attempts to take control of your computer. A screenshot of the image inside the fake email is shown below:

[Image: "Download Internet Explorer 7"]


If you receive an email of this nature, please take the following steps:

  • DO NOT CLICK ANY LINKS IN THE E-MAIL. The linked file (IE7.0.exe) inside the email is a virus (Virus.Win32.Grum.a) and is being hosted in multiple places around the world. These links inside the fake email will attempt to install variants of the Grum worm (i.e. virus) on your system.
  • If you clicked on links contained in the e-mail, please run an antivirus scan immediately on your computer using the Panda antivirus software that's installed on all of your office computers. Instructions on how to scan your computer with Panda Anti-virus can be obtained from here.
  • If you experience any sort of abnormal computer behavior and suspect that your computer is still infected even after the virus scan, please notify Information Services.

Technical info: The Grum worm is an appender virus which infects executable files referenced by Run keys in the Windows Registry. When run, it copies itself to \winlogon.exe and makes changes to the Registry. It also edits the HOSTS file, injects a thread into system.dll, and attempts to patch the system files ntdll.dll and kernel32.dll. Infected computers may be able to spread the worm on their own via NetBIOS/SMB, SMTP, MSN Messenger, and P2P applications. Third-party e-mail services provide yet another attack vector.
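
The following triage sketch is an added example, not part of the original alert or any USAO tooling. It checks the artifacts named above: executables referenced by Run keys, a winlogon.exe outside its normal location, and HOSTS entries that need review. It assumes the input is `reg query` output for a Run key plus the text of the HOSTS file, and that the genuine winlogon.exe resides only in the Windows System32 directory; all sample data and function names are constructed.

```python
import re

# Constructed sample inputs (not from the alert): `reg query` output for a Run
# key and the text of a HOSTS file collected from a machine under review.
RUN_EXPORT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    TrayApp    REG_SZ    "C:\Program Files\Example\tray.exe" /startup
    Updater    REG_SZ    C:\Tools\updater.exe -q
    Logon    REG_SZ    C:\Users\Public\winlogon.exe
"""
HOSTS_TEXT = """# Sample HOSTS file
127.0.0.1 localhost
::1 localhost
203.0.113.7 www.example.com   # not a default entry
"""

VALUE_RE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)', re.IGNORECASE)
# Assumption: the genuine winlogon.exe lives only in the System32 directory.
GENUINE_WINLOGON = re.compile(
    r"^(%systemroot%|%windir%|[a-z]:\\windows)\\system32\\winlogon\.exe$", re.I)

def run_key_executables(export):
    """Return (value name, executable path) for every Run-key value found."""
    found = []
    for line in export.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        exe = EXE_RE.match(m.group(3).strip())
        if exe:
            found.append((m.group(1), exe.group(1) or exe.group(2)))
    return found

def misplaced_winlogon(executables):
    """Flag Run-key targets named winlogon.exe that are not the System32 copy."""
    return [path for _, path in executables
            if path.lower().endswith("\\winlogon.exe")
            and not GENUINE_WINLOGON.match(path)]

def nondefault_hosts_entries(text):
    """Return (address, hostname) pairs other than loopback localhost entries."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        for host in fields[1:]:
            if not (fields[0] in ("127.0.0.1", "::1") and host.lower() == "localhost"):
                entries.append((fields[0], host))
    return entries
```

Every path returned by `run_key_executables` is a file to scan, since those are the executables the worm is described as infecting; the other two functions only narrow down what to review by hand.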


Please download software updates for any software program only from the developer's website. All Microsoft Windows Updates can be securely downloaded from http://www.windowsupdate.com
 

 

Related Article:

Email Hoaxes, SPAM, & Warnings

 

 

© University of Science and Arts of Oklahoma
1727 West Alabama, Chickasha, Oklahoma USA 73018
Phone: Chickasha: (405) 224-3140      
Last Updated 16 Apr 2008 09:39 PM