Information Security Bulletin

Beware of Yahoo! Greeting Cards

26 Sep 11:20

A new phishing scam using a fake greeting card notification message lures users to spoofed site that contains a Trojan. This is one of several scams implementing VML IE exploits.

The spoofed Yahoo! site hosts updated Web-Attacker VML exploit code. This example lures users to the site by claiming they have received a Yahoo! Greeting Card. The site downloads and installs an Internet Explorer Browser Helper Object that directs all HTTP posts from forms to a third party, and then collects information on end-users. The exploit is hidden in a 1x1-pixel iframe.

Related links: (Open in a new window.)
www.websensesecuritylabs.com/alerts/alert.php?AlertID=633

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe?

Download a free sample copy!

Download the much quoted October 2005 Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Legal Issues
Of Trojans, Cheerleaders and Cuckoos…
Jon Colombo

Web Security
Web 2.0 vs. Web 1.0 – Security Standpoints and Challenges
Shreeraj Shah

Computer Forensics
Trends In Disk Drives and Data Transfer Speed
Steven Branigan