Malware Disguised as IE7 Update

How ironic - malware distributors are using the vulnerabilities inherent in IE (and other browsers) to distribute malware purporting to be an Internet Explorer update!

The spammers did a few things to make the message appear to be legitimately from Microsoft, spoofing a Microsoft from address, and copy-pasting the MSN text into the bottom. Of course, Microsoft or MSN would never send out such a badly designed email, especially if it’s HTML-based (this has to be an HTML email since they used big colored fonts for the hyperlink, and you can’t see the actual URLs; in a plain text email you’d see the URLs written out with “http://….”) but some people might not realize that, and inadvertently click on the link, only to find themselves downloading paris-nude-video.avi.exe. Jeez- couldn’t they at least change the name of the file to something more Microsoft IE-related? The nude-video stuff gives it away in a second.