• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Identity Theft › WMF exploit and Phishing

WMF exploit and Phishing

Myantispyware team January 16, 2006     No Comment    

F-secure labs have found a phishing scam exploiting this vulnerability. This scam works by sending out emails, urging customers of the global HSBC bank to visit a site called www[dot]jhsbc[dot]com. This domain, naturally, has nothing to with the real bank but it sounds close enough.

The site is running on a owned home computer somewhere in Illinois. This machine, connected to the net via a high-speed cable connection, is hosting or has been hosting several other phishing-related domains, including these gems that administrators might want to filter at their gateways: www[dot]i7tgg4rv[dot]com and www[dot]ll67ffgsp[dot]com, www[dot]mrhpd74e[dot]com and www[dot]pph4e32q[dot]com.

The WMF connection comes from the fact that if you visit this site (and please don’t), the front page contains an IFRAME that will try to push an exploit file called tr.wmf to your system. When that is executed, it will download a file called update.exe from the same server. This unexpected gift turns out to be a variant of the Trojan-Spy.Win32.Goldun family, which will start to collect information from the system.

Exploits & Vulnerabilities Identity Theft

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Your Netflix account has been suspended Scam text
Your Netflix account has been suspended Scam Text Recovery.ffm.to
SearchIT New Tab searchresults.store
How to uninstall SearchIT New Tab from Chrome, Firefox, IE, Edge
goog.urewsawani.autos malicious
Track.clickcrystal.com pop-up redirect (Virus removal guide)
Legivenestatery.com Click Allow Scam
Legivenestatery.com Virus Removal Guide
Advaguru.com Click allow Scam
Advaguru.com Virus Removal Guide

Follow Us

Search

Useful Guides

ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
Malwarebytes won’t install, run or update – How to fix it

Recent Posts

Spybot S&D Update 13 January 2006
Why WMF is not a “Critical” issue on the Windows 9x platform
Symantec uses rootkit-type techniques for hide files
Belarc Advisor – Free Personal PC Audit
Spyware Block List File

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.