Hackers have created a bogus Internet Explorer 7 download site that attempts to load Trojan code onto the PCs of visiting surfers.
Traffic to the malicious website is being driven by a spoofed email message, claiming to be from firstname.lastname@example.org, offering a link to download Release Candidate 1 (RC1) of Microsoft Internet Explorer 7.
Prospective marks visit a spoof website that looks similar to Microsoft's legitimate download page for IE 7 RC1. But instead of all that Microsoft goodness, surfers visit a site loaded with Trojan downloader codes which attempt to exploit browser vulnerabilities to download malware onto their machines.
Hackers commonly trick users into visiting malicious sites or executing malware that claims to offer the latest security fixes from Microsoft. The latest attack, reported by net security firm Surfcontrol, represents an adaptation of the technique which takes advantage of the release of IE7 RC1 by Microsoft last week.
In almost related news, a Firefox fan has registered the domain IE7.com, on which he's plastered the logo for the alternative browser software. This site, unlike the spoof IE7 download site, is safe to visit. ®