• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

WMF exploit and Phishing

Myantispyware team January 16, 2006    

F-secure labs have found a phishing scam exploiting this vulnerability. This scam works by sending out emails, urging customers of the global HSBC bank to visit a site called www[dot]jhsbc[dot]com. This domain, naturally, has nothing to with the real bank but it sounds close enough.

The site is running on a owned home computer somewhere in Illinois. This machine, connected to the net via a high-speed cable connection, is hosting or has been hosting several other phishing-related domains, including these gems that administrators might want to filter at their gateways: www[dot]i7tgg4rv[dot]com and www[dot]ll67ffgsp[dot]com, www[dot]mrhpd74e[dot]com and www[dot]pph4e32q[dot]com.

The WMF connection comes from the fact that if you visit this site (and please don’t), the front page contains an IFRAME that will try to push an exploit file called tr.wmf to your system. When that is executed, it will download a file called update.exe from the same server. This unexpected gift turns out to be a variant of the Trojan-Spy.Win32.Goldun family, which will start to collect information from the system.

Exploits & Vulnerabilities Identity Theft

 Previous Post

Spybot S&D Update 13 January 2006

Next Post 

StartupList version 2

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Split Max AC Reviews, Scam or Legit, Uncovering the Truth!
Nusayin Cooling Ace Review: Scam or Legit? What You Need to Know
Imwing Cooling Ace Reviews, Scam or Legit, Uncovering the Truth!
How to remove Amencest.co.in pop-up ads
scam alert
Don’t Get Tricked by GEROLAX.com: The Bitcoin Promo Code Scam

Follow Us

Search

Useful Guides

Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide
Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
How to reset Mozilla Firefox (Updated Apr. 2018)

Recent Guides

Spybot S&D Update 13 January 2006
Why WMF is not a “Critical” issue on the Windows 9x platform
Symantec uses rootkit-type techniques for hide files
Belarc Advisor – Free Personal PC Audit
Spyware Block List File

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.