We received a report that an HSBC Phish is out in the internet. HSBC is an international banking institution that has offices world wide.
This Phish does not only request you to disclose sensitive information to them but also uses WMF vulnerability to install malicious software to your system. You might say that you are safe from the phishing attempt but, you will still be compromised if your system is vulnerable to WMF exploit.
If your system is still vulnerable to WMF exploit, you will end up being infected by a malicious spyware if you happen to visit the HSBC Phish.
The URL address and the snapshot of the HSBC Phish are shown below.
The WMF exploit used in this Phish is already detected by Trend as EXPL_WMF.GEN and the malicious spyware that is being downloaded by EXPL_WMF.GEN as its payload has been given the detection name TSPY_GOLDUN.BN.
The URL of the Phish has been included in the Phishtrap DB with the following details.
URL: www.jh<BLOCKED>sbc.com
Recording date: January 16, 2006
IWSS Pattern Release No.: 227
IWSS Pattern Release Date: January 20, 2006
RS/CS Pattern No.: 248
RS/CS Release Date: January 17, 2006
You must also ensure that you have the necessary patch from Microsoft and your Trend Antivirus pattern is always up to date!
