Brandon Posted January 24, 2006 Report Share Posted January 24, 2006 Websense Security® Labs™ has received reports of a malicious website which is hosting a Trojan horse keylogger. This keylogger is designed to steal end-user information when the user accesses certain online banks and e-commerce websites. The file name of the code is "logo.wmf." This code attempts to utilize the recent Microsoft® Windows® WMF vulnerability, assuming the user has not applied the recent Windows patch to solve this issue. The code runs, without user-intervention, when the user accesses an infected website. If the code runs, it drops a file called "web.exe" onto the user's machine and runs it. This file is designed to compromise the end-users' confidential information and may also include a Trojan horse backdoor.The site that hosts the malicious code is located in the UK and was up at the time of this alert. It is difficult to determine if the site's security has been compromised or if it was intentionally setup. The site contains little content, as it simply pulls links from the real London Olympics 2012 website.Screenshots on the website.http://www.websensesecuritylabs.com/alerts...php?AlertID=404 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.