A new phishing scam using a fake greeting card notification message lures users to spoofed site that contains a Trojan. This is one of several scams implementing VML IE exploits.
The spoofed Yahoo! site hosts updated Web-Attacker VML exploit code. This example lures users to the site by claiming they have received a Yahoo! Greeting Card. The site downloads and installs an Internet Explorer Browser Helper Object that directs all HTTP posts from forms to a third party, and then collects information on end-users. The exploit is hidden in a 1x1-pixel iframe.
Related links: (Open in a new window.)
www.websensesecuritylabs.com/alerts/alert.php?AlertID=633
Taken from Information Security Bulletin.