Beware of Yahoo! Greeting Cards
A new phishing scam using a fake greeting card notification message lures users to a spoofed site that contains a Trojan. The spoofed Yahoo! site hosts updated Web-Attacker VML exploit code. This example lures users to the site by claiming they have received a Yahoo! Greeting Card. The site downloads and installs an Internet Explorer Browser Helper Object that directs all HTTP posts from forms to a third party, and then collects information on end-users. The exploit is hidden in a 1x1-pixel iframe.
To date, there isn't an official patch from Microsoft fixing this security problem with VML, but users can protect themselves with an unofficial patch from ZERT. (Niels Bjergstrom)
See also:
- Alert Description from Websense
- Microsoft advisory on VML hole on heise Security
- Unofficial patch for VML vulnerability in Internet Explorer on heise Security
(ju)