Fake London Olympic Site hosting Keylogger

Websense Security Labs has received reports of a malicious website which is hosting a Trojan horse keylogger. This keylogger is designed to steal end-user information when the user accesses certain online banks and e-commerce websites.

The file name of the code is "logo.wmf." This code attempts to utilize the recent Microsoft® Windows® WMF vulnerability, assuming the user has not applied the recent Windows patch to solve this issue. The code runs, without user-intervention, when the user accesses an infected website. If the code runs, it drops a file called "web.exe" onto the user's machine and runs it. This file is designed to compromise the end-users' confidential information and may also include a Trojan horse backdoor.

The site that hosts the malicious code is located in the UK and was up at the time of this alert. It is difficult to determine if the site's security has been compromised or if it was intentionally setup. The site contains little content, as it simply pulls links from the real London Olympics 2012 website. Websense® - Security Labs Alert: Crimeware: Fake London Olympic Site hosting Keylogger

Linked by shanmuga Tuesday, 24th January 2006 12:05AM