Trend Micro Content Security recently came across an all-in-one attack that involves a fake postcard, a phishing site and, of course, malware.
A fake postcard launcher was found pretending to be Gusanito, one of the most popular Mexican greeting card services.

After users click the link, the browser points to a Web site where users are prompted to enter their email address.

The users then receive an email message with a link to a fake Hotmail login page. This link leads to the phishing site hxxp://{BLOCKED}/essonicman/f4k3z/1/iniciosecion.php?

Upon entering account information, the user is redirected to a fake postal card site, hxxp://{BLOCKED}/essonicman/f4k3z/1/Wippo-Amistad-Magica.exe, to download the malicious file Wippo-Amistad-Magica.exe, which is detected by Trend Micro as TROJ_QHOST.HQ. This Trojan overwrites entries in the HOSTS file of the victim's PC so that users are redirected when they access certain Web sites, such as www.banamex.com and www.bancomer.com.
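A check for the HOSTS file tampering described above, as an added example that is not part of the original post or Trend Micro's own tooling: it parses HOSTS-format text and reports every line that pins one of the banking domains named here to an address. The function names, the sample data and the choice to also match the bare domain and its subdomains are assumptions.

```python
import ipaddress

# Domains the post names as redirect targets; extend for your own environment.
WATCHED = {"www.banamex.com", "www.bancomer.com"}

# Constructed sample (not taken from the malware); addresses are documentation ranges.
SAMPLE = """\
# Constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.banamex.com banamex.com   # one line can carry several names
203.0.113.10    WWW.BANCOMER.COM
198.51.100.7    intranet.example
not-an-ip       www.banamex.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                # resolver ignores malformed lines
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, ip, hostname) for mappings that override a watched domain.

    A workstation has no reason to pin a bank's hostname locally, so any
    mapping is reported regardless of the address it points to.
    """
    hits = []
    for line_no, ip, name in parse_hosts(text):
        for domain in watched:
            base = domain[4:] if domain.startswith("www.") else domain
            if name == base or name.endswith("." + base):
                hits.append((line_no, str(ip), name))
                break
    return hits

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip}")
```

On a Windows host the text to check comes from `%SystemRoot%\System32\drivers\etc\hosts`.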

Trend Micro Web Threat Protection (WTP) already blocks all malicious URLs.



