Phishing scam exploiting the Microsoft WMF vulnerability
The Microsoft patch for the WMF vulnerability has now been out there for more than 10 days. Today we saw a phishing scam exploiting this vulnerability. This scam works by sending out emails, urging customers of the global HSBC bank to visit a site called www[dot]jhsbc[dot]com. This domain, naturally, has nothing to with the real bank but it sounds close enough.
At the F-Secure blog.
[ Read more ]