Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Trend Micro Content Security recently came across an all-in-one attack that involves a fake postcard, a phishing site and, of course, a malware.

    A fake postcard launcher was found pretending to be Gusanito, one of the most popular Mexican greeting card services.

    After users click the link, the browser points to a Web site where users are prompted to enter their email address.

    The users then receive an email message with a link to a fake Hotmail login page. The said link leads to the phishing site hxxp://{BLOCKED}/essonicman/f4k3z/1/iniciosecion.php?

    Upon entering account information, the user is redirected to a fake postal card site, hxxp://{BLOCKED}/essonicman/f4k3z/1/Wippo-Amistad-Magica.exe, to download the malicious file Wippo-Amistad-Magica.exe, which is detected by Trend Micro as TROJ_QHOST.HQ. This Trojan overwrites entries in the HOSTS file of the victim PC to redirect users when accessing certain Web sites like www.banamex.com and www.bancomer.com.

    Trend Micro Web Threat Protection (WTP) already blocks all malicious URLs.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice