We have encountered reports of two new Yahoo phishing sites. The first one is located at geocities.com/worlds_funniest_jokes_2754. The site entails users to use Yahoo! Flickr beta. This is with reference to Yahoo’s buying of Flickr, a popular photo-sharing service. The deal was reported by CNet in an article that was published last
March 20, 2005.However, flickr remains to be a standalone service and no reports of integration to Yahoo have been seen or launched. The phish asks users to login and try the service. The link is being ‘advertised’ using IM messages via Yahoo messenger. These IM messages even come from a trusted contacts (whose contact info may have been compromised), so we suggest verifying links being sent to you. Below is a screenshot of the said site.

The second one is a phish of Yahoo 360 service. This one is also being advertised through Yahoo Messenger. The phishing site can be found at uk.geocities.com/picnic_photoalbum. Below is a screenshot of the aforementioned phish site.

The sites were already sent to our Web blocking team for the appropriate solutions.

Just another heads up for you guys. We found another proof-of-concept code that targets Microsoft Powerpoint 2003 service pack 2 (French version).

We have submitted the sample to the service team for verification. Do hold on for updates.

Update (Chachi, Sat, 05 Aug 2006 09:59:42 AM)

This is now detected as TROJ_MDROPPER.BD.

Yet another trojan downloader is being spammed.

The attahcment is a zip file named photos.zip and it has an md5 of 95f6683c43f0a6a0d8f62ebd71fea40a. Trend Micro detects this threat as TROJ_DLOADER.DJL. This downloader tries to download a file(zz60.exe) that is already being detected as TROJ_AGENT.AGN. links to Trend’s report will follow as soon as possible.

Update(Obet, Sat, 29 Jul 2006 03:50:41 AM)

More info on this malware can be found here.

We are currently receiving reports of a spammed DLOADER.

This spam has an attached file with the filename WC2905036.zip and is 3,426 bytes long and has an MD5 of 40703c51b722a48e7b19ad09c4866918. Trend Micro detects this threat as TROJ_DLOADER.DET.

Our engineers are currently analyzing the file for its behavior and will post the Virus Report in our VE as soon as possible for more details on this new threat. We will update you on this as soon as it is posted. Email details on this new threat may follow too.

Update(Obet, Fri, 28 Jul 2006 09:18:38 AM)

More information regarding this threat can be found here

Heads up Firefox web browser users out there. It’s time to update your browsers to version 1.5.0.5 which addresses several security patches. You may visit www.mozilla.org for details on the security patches.

As a workaround, users should disable java script in their Firefox browser and also to the Thunderbird mail client until they updated to the new version. Well this includes the Thunderbird mail clients since

“Thunderbird shares the browser engine with Firefox and would be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from enabling JavaScript in mail.”

Get the latest version of Firefox here or in your Firefox web browser, go to the menu tab and click on “Help” then on the drop down list select “Check for Updates…”. As of this time I don’t see a new version of Thunderbird 1.5.0.5 you may check Mozilla web site later for the update.