MyAntiSpyware


WMF exploit and Phishing

Myantispyware team January 16, 2006    

F-secure labs have found a phishing scam exploiting this vulnerability. This scam works by sending out emails, urging customers of the global HSBC bank to visit a site called www[dot]jhsbc[dot]com. This domain, naturally, has nothing to with the real bank but it sounds close enough.

The site is running on a owned home computer somewhere in Illinois. This machine, connected to the net via a high-speed cable connection, is hosting or has been hosting several other phishing-related domains, including these gems that administrators might want to filter at their gateways: www[dot]i7tgg4rv[dot]com and www[dot]ll67ffgsp[dot]com, www[dot]mrhpd74e[dot]com and www[dot]pph4e32q[dot]com.

The WMF connection comes from the fact that if you visit this site (and please don’t), the front page contains an IFRAME that will try to push an exploit file called tr.wmf to your system. When that is executed, it will download a file called update.exe from the same server. This unexpected gift turns out to be a variant of the Trojan-Spy.Win32.Goldun family, which will start to collect information from the system.

Exploits & Vulnerabilities Identity Theft

 Previous Post

Spybot S&D Update 13 January 2006

Next Post 

StartupList version 2

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

WaveSplash Review, Motorized Float & Floatski 60% OFF?
BurnTide Reviews, Oprah Baking Soda Recipe Scam Exposed
Memovance Pro Reviews, Bill Gates Honey Shield Trick Scam Exposed, Steve Martin?
Vetdice.com Promo Codes: A Crypto Scam
scam alert
Zorevex.com Promo Codes: A Crypto Scam

Follow Us

Search

Useful Guides

Malwarebytes won’t install, run or update – How to fix it
remove chrome extension
How to remove Chrome extensions installed by enterprise policy
adwcleaner
AdwCleaner – Review, How to use, Comments
Smart Captcha Virus redirect
What is a Virus that Redirects Web Pages? A Comprehensive Guide
How to reset Mozilla Firefox (Updated Apr. 2018)

Recent Guides

Spybot S&D Update 13 January 2006
Why WMF is not a “Critical” issue on the Windows 9x platform
Symantec uses rootkit-type techniques for hide files
Belarc Advisor – Free Personal PC Audit
Spyware Block List File

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2026 MASW - Myantispyware.com.