As I noted yesterday in my blog, there is a new patch that addresses the animated cursor vulnerability, as described in Security Bulletin MS07-017. This patch prevents remote code execution (so an attacker cannot take over your PC remotely) delivered via a malicious Web site or viewed via a bogus e-mail.
I was asked today, how will people try to take advantage of this vulnerability? I have an answer via eWeek in their article on how malevolent hackers may try to hook users via email promising “hot pictures of britiney Speers.”
<Ahem> that’s Britney Spears, thank you. (Not that I’m a fan.)
“…Spam promising “Hot Pictures of Britiney Speers [sic]” is linking to sites hosting the Windows ANI exploit, Websense discovered today. The e-mail, coming from “Nude BritineySpeers.com,” is written in HTML and contains text that allows it to skirt anti-spam rules in the HTML comments.
“The come-on is from a server hosted in Russia that Websense says is the same one used previously by groups to install rootkits, password-stealing Trojans and other malware. Users who fall for the Britney bait and click on links in the spam are redirected to one of several sites containing hidden JavaScript. The JavaScript sends users to a site hosting Windows animated cursor exploit code.
“Without user interaction, a file is then downloaded and installed. The file, called 200.exe, looks like a new variant of a file infector with operating system hooks and spamming capabilities, Websense said in an alert.”
So, what to do if you get an email offering such photos of public figures?
Delete it.
And if you haven’t already, make sure that Automatic Updates is turned on. For more, see my past note on how there’s no immunity from security vulnerabilities.
More info:
- Visit http://www.staysafeonline.info.
- To find out more about spyware – what it is, ways your computer can become infected, and what you can do to prevent it – watch this video on protecting your computer.
- If you’re wondering how Windows Defender compares with other Microsoft antispyware and antivirus technologies, check out this product comparison chart.
- Windows Live Safety Center – A Web service designed to help ensure the health of your computer with free scanning tools that help you get rid of unwanted software.
- Malicious Software Removal Tool – A security tool that checks your computer for specific viruses and other malicious software and helps remove any infection found. This tool alone has run more than 2 billion executions.
- Sign up for our security newsletter and receive monthly advice.
- Get more online safety tips.
2 replies on “.ani exploit via e-mail: you’d think hackers would know how to spell ‘Britney Spears’”
Lisa Vaas of eWeek has an article today on how nearly 500 people took the bait to ‘Click Here to Get