[Steve]

A new computer virus is in circulation - it's disguised as a test version of Microsoft's Internet Explorer 7 Web browser; the e-mail includes a convincing graphic that looks like it could really be from Microsoft, and the virus is delivered when recipients click on a link rather than in an attachment, which makes it harder for anti-virus filters to stop it from reaching in-boxes. The Grum worm is an appender virus which infects executable files referenced by Run keys in the Windows Registry. When run it copies itself to <Temp>\winlogon.exe and makes changes to the Registry. It also edits the HOSTS file, injecting a thread into system.dll and attempts to patch the system files ntdll.dll and kernel32.dll.

The e-mails carry the subject line "Internet Explorer 7 Downloads" and appear to come from an email address 'admin@microsoft.com'. They include a blue, Microsoft-style graphic offering a download of IE 7 beta 2. Clicking the graphic will download an executable file called IE 7.exe. However, the file is actually a new virus called Virus.Win32.Grum.A, and security experts were still analysing it Friday to see what it does. Sophos PLC said it can spread by e-mailing itself to contacts in a user's address book. The virus tampers with registry files to ensure it gets installed, and it tries to download additional files from the Internet.

[Angela]

These e-mails are getting more and more sophisticated now. I had one from Paypal yesterday and it looked amazingly real. It's only when you hover over the link and see the address to which it takes you that you realise it's fake. It's easy to see how some people can be fooled into thinking it's genuine.

[Dave]

I never follow a link from an email. If it's from my bank, I just go to Firefox & type in the home url of the bank & login. That way you'll never get caught out