
Archive for March 31st, 2007


Mar31
by Paul Oliveria (Technical Communications)

…it downloads a virus instead.

TrendLabs has received reports of a spammed email message that advises users to download an Internet Explorer 7 update. Below is the image attached to the message:

[Image: PE_GRUM_B_O_img1.gif]

However, once unsuspecting users click on this image, they are redirected instead to a Web site that downloads a file named IE7.0.exe. This file, while also legitimate-looking, is actually a file infector that Trend Micro detects as PE_GRUM.B-O.

Trend Micro always advises users to avoid clicking on links that come from untrusted sources. However, given this enhanced social engineering (it uses legitimate-looking IE7 images, etc.), I guess the lesson here is that while keeping one’s applications and programs updated is a good practice, users should just make sure that they go straight to the source (in this case, the Microsoft Web site), instead of someplace else. With the rise of Web-based threats that spoof even the “trusted” sites and/or organizations, it’s better to be safe than sorry.

 

Mar31
by Eric Avena (Technical Communications)

Like those animated cursors? You know, the ones that embellish the normal mouse arrow pointers and are available on the Internet? Be careful when downloading and installing these on your systems, as a new Web threat has recently been detected posing as one.

TrendLabs has recently detected TROJ_ANICMOO.AX, a Trojan that arrives as a specially crafted .ANI file — yes, the same file format used by these “tricked out” cursors — and takes advantage of a newly discovered vulnerability in the way Windows handles animated cursors. Once it successfully exploits this vulnerability, TROJ_ANICMOO.AX downloads another Trojan from the URL http://220.71.{BLOCKED}.189/wincf.exe. The downloaded malware is detected as TROJ_SMALL.DRF.

Note that this malicious .ANI file may arrive as a file downloaded by unknowing users from the Internet. It may also be downloaded by HTML embedded in email messages. It only runs on Windows XP.

As of this writing, Microsoft has yet to release a security patch for this vulnerability. Trend Micro thus advises users to regularly check the Microsoft Web site for the latest patches and updates, and avoid downloading or installing files — even if they do promise cute icons and cursors — from untrusted sources.

 

