Beware of Yahoo! Greeting Cards
A new phishing scam using a fake greeting card notification message lures users to a spoofed site that contains a Trojan. The spoofed Yahoo! site hosts updated Web-Attacker VML exploit code. This example lures users to the site by claiming they have received a Yahoo! Greeting Card. The site downloads and installs an Internet Explorer Browser Helper Object that directs all HTTP posts from forms to a third party, and then collects information on end-users. The exploit is hidden in a 1x1-pixel iframe.
To date, there isn't an official patch from Microsoft fixing this security problem with VML, but users can protect themselves with an unofficial patch from ZERT. (Niels Bjergstrom)
- Alert Description from Websense
- Microsoft advisory on VML hole on heise Security
- Unofficial patch for VML vulnerability in Internet Explorer on heise Security