• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Exploits & Vulnerabilities › Identity Theft › WMF exploit and Phishing

WMF exploit and Phishing

Myantispyware team January 16, 2006     No Comment    

F-secure labs have found a phishing scam exploiting this vulnerability. This scam works by sending out emails, urging customers of the global HSBC bank to visit a site called www[dot]jhsbc[dot]com. This domain, naturally, has nothing to with the real bank but it sounds close enough.

The site is running on a owned home computer somewhere in Illinois. This machine, connected to the net via a high-speed cable connection, is hosting or has been hosting several other phishing-related domains, including these gems that administrators might want to filter at their gateways: www[dot]i7tgg4rv[dot]com and www[dot]ll67ffgsp[dot]com, www[dot]mrhpd74e[dot]com and www[dot]pph4e32q[dot]com.

The WMF connection comes from the fact that if you visit this site (and please don’t), the front page contains an IFRAME that will try to push an exploit file called tr.wmf to your system. When that is executed, it will download a file called update.exe from the same server. This unexpected gift turns out to be a variant of the Trojan-Spy.Win32.Goldun family, which will start to collect information from the system.

Exploits & Vulnerabilities Identity Theft

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

1FEAFBa5L496PsNHZLZ8UmAJqRkzefJ6Lq
1FEAFBa5L496PsNHZLZ8UmAJqRkzefJ6Lq Bitcoin Email Scam
Mderedpro.top
How to remove Mderedpro.top pop-ups (Virus removal guide)
Vercounsel.top
How to remove Vercounsel.top pop-ups (Virus removal guide)
igredownload.com
How to remove Igredownload.com pop ups (Virus removal guide)
Files encrypted with .pola extension
How to remove Pola ransomware, Decrypt .pola files.

Follow US

Search

Useful Guides

How to reset Mozilla Firefox (Updated Apr. 2018)
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide
This setting is enforced by your administrator (Removal guide)

Recent Posts

Spybot S&D Update 13 January 2006
Why WMF is not a “Critical” issue on the Windows 9x platform
Symantec uses rootkit-type techniques for hide files
Belarc Advisor – Free Personal PC Audit
Spyware Block List File

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.