Since we last talked about Trojan.Linkoptimizer (a.k.a. Gromozon) and the Italian Spaghetti saga, there have been some significant developments. What we had originally dubbed "spaghetti threats" now look much more like multi-layered "lasagna threats". Several new features and improvements were integrated into the latest incarnation of this Trojan by the authors, who are probably getting paid well for all of their efforts.
How do users get infected with Linkoptimizer/Gromozon variants? We noticed that the complicated distribution scheme of Trojan.Linkoptimizer (shown in Figure 1) has changed in a few significant ways compared to the original scheme described in the previous blog article. Here are the new things that we noticed:
New updated Symantec Removal tool:
New Internet Explorer and an old vulnerability
Last Updated: 2006-10-20 02:05:22 UTC by Bojan Zdrnja (Version: 1)
As you probably know by now, Microsoft yesterday released the final version of Internet Explorer 7; if you want to install it on your machine, you can download it from http://www.microsoft.com/windows/ie/default.mspx. Microsoft also said that in a couple of weeks this will be automatically pushed to all client machines through Windows Update, so if you still haven't tested your mission-critical internal web applications with IE7, you had better do it now.
Besides news about the final version of IE7, a lot of people are already talking about the first vulnerability for IE7, which was announced yesterday on various security mailing lists. The vulnerability is caused by an error in the handling of redirections with the "mhtml:" URI handler.