Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Trend Micro Content Security recently came across an all-in-one attack that involves a fake postcard, a phishing site and, of course, a malware.

    A fake postcard launcher was found pretending to be Gusanito, one of the most popular Mexican greeting card services.

    After users click the link, the browser points to a Web site where users are prompted to enter their email address.

    The users then receive an email message with a link to a fake Hotmail login page. The said link leads to the phishing site hxxp://{BLOCKED}/essonicman/f4k3z/1/iniciosecion.php?

    Upon entering account information, the user is redirected to a fake postal card site, hxxp://{BLOCKED}/essonicman/f4k3z/1/Wippo-Amistad-Magica.exe, to download the malicious file Wippo-Amistad-Magica.exe, which is detected by Trend Micro as TROJ_QHOST.HQ. This Trojan overwrites entries in the HOSTS file of the victim PC to redirect users when accessing certain Web sites like and

    Trend Micro Web Threat Protection (WTP) already blocks all malicious URLs.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice