If you receive an email offering a download of Internet Explorer 7 Beta 2, delete it. A new virus is making the rounds that comes disguised as a test version of Microsoft's current web browser.
Security experts reported no widespread damage last week, but they say the virus is notable for a couple of reasons. The email includes a convincing graphic that looks like it could really be from Microsoft, and the virus is delivered when recipients click on a link rather than in an attachment, which makes it harder to stop it from reaching in-boxes.
"The idea of sending a link seems to be a trend among attackers; it's still fairly new and it works much better than sending a file," says Mikko Hypponen, chief research officer at F-Secure.
The emails carry the subject line "Internet Explorer 7 Downloads" and appear to come from firstname.lastname@example.org. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe.
The file is actually a new virus called Virus.Win32.Grum.A. It can spread by emailing itself to contacts in a user's address book. The virus tampers with registry files to ensure it gets installed, and it tries to download additional files from the internet, says Graham Cluley, a senior technology consultant for Sophos.
Other specifics were unknown yet, but such viruses often install a keystroke logger to steal personal information, and establish a network of infected computers to launch a denial of service attack, Cluley says.
"We don't know anything yet about where it is coming from," Hypponen says. "It's fairly well made and hard to analyse with normal tools."
F-Secure had received many reports of the email but few submissions of the virus itself, indicating that damage so far is limited. Cluley agrees: "I wouldn't classify this as one of the biggest viruses of the year, but that doesn't mean it isn't a threat" he says.
The virus affects only Windows users. "Microsoft is aware of this issue and is currently investigating this matter, including customer impact," a spokeswoman said via e-mail.
The final version of IE 7 was released last October, so Microsoft is not likely to be advertising a beta of the product. Users can download a real version of the software at Microsoft's Internet Explorer home page.