Zero Day Update: Email Lures to VML Exploits

Web Sense Security Labs reports "We are starting to see mass mailing lures for websites that are hosting VML exploit code. Most of the sites are using updated Web-Attacker code. A recent example that came to us from Message Labs appears to lure users to the site by claiming they have received a Yahoo! Greeting Card. The site downloads and installs an Internet Explorer Browser Helper Object that directs all HTTP posts from forms to a third party, and then collects information on end-users." WebsenseŽ - Security Labs Alert: Email Lures to VML Exploits

Linked by shanmuga Tuesday, 26th September 2006 8:26AM