The Microsoft patch for the WMF vulnerability has now been out there for more than 10 days. However, we believe that most of the vulnerable Windows machines worldwide have not installed the patch yet. We also believe this vulnerability will continue to be used by various different attackers for months, possibly years.

Today we saw a phishing scam exploiting this vulnerability. This scam works by sending out emails, urging customers of the global HSBC bank to visit a site called www[dot]jhsbc[dot]com. This domain, naturally, has nothing to do with the real bank but it sounds close enough.

The site is running on an owned home computer somewhere in Illinois. This machine, connected to the net via a high-speed cable connection, is hosting or has been hosting several other phishing-related domains.

F-Secure : News from the Lab

Linked by shanmuga Monday, 16th January 2006 9:36PM