.ani exploit via e-mail: you’d think hackers would know how to spell ‘Britney Spears’

As I noted yesterday in my blog, there is a new patch that addresses the animated cursor vulnerability described in Security Bulletin MS07-017. This patch prevents remote code execution (so an attacker cannot take over your PC remotely) triggered by visiting a malicious Web site or viewing a bogus e-mail.

I was asked today: how will people try to take advantage of this vulnerability? I have an answer via eWeek, in their article on how malevolent hackers may try to hook users via email promising “hot pictures of britiney Speers.”

<Ahem> that’s Britney Spears, thank you. (Not that I’m a fan.)

“…Spam promising “Hot Pictures of Britiney Speers [sic]” is linking to sites hosting the Windows ANI exploit, Websense discovered today. The e-mail, coming from “Nude,” is written in HTML and contains text that allows it to skirt anti-spam rules in the HTML comments.

“The come-on is from a server hosted in Russia that Websense says is the same one used previously by groups to install rootkits, password-stealing Trojans and other malware. Users who fall for the Britney bait and click on links in the spam are redirected to one of several sites containing hidden JavaScript. The JavaScript sends users to a site hosting Windows animated cursor exploit code.

“Without user interaction, a file is then downloaded and installed. The file, called 200.exe, looks like a new variant of a file infector with operating system hooks and spamming capabilities, Websense said in an alert.”

So, what to do if you get an email offering such photos of public figures?

Delete it.

And if you haven’t already, make sure you’ve turned on Automatic Updates. For more, see my past note on how there’s no immunity from security vulnerabilities.
