IT Masala

A Tech Curry with a Pinch of Indian Spice

5th April 2007

Hackers Promise ‘Nude Britney Spears’ Pix To Plant .ANI Exploit

Posted in Alerts, Internet, Microsoft, PC, Windows

There are problems with the update Microsoft released Tuesday for a critical .ANI vulnerability, and hackers have launched a new spam campaign to take advantage of the flaw by promising nude pictures of Britney Spears to lure users to malicious sites.

Deborah Hale, a handler with the Internet Storm Center, reported in the site's daily diary on Wednesday that researchers there are receiving reports of users having problems with the patch, which Microsoft pushed out a week earlier than its normal monthly Patch Tuesday release. Microsoft confirmed a problem with the patch and provided a hotfix, or a patch for the patch, when the patch was first released.

Hale noted that other issues have arisen, as well, and Microsoft is investigating them.

Sophos reported in an advisory that the malicious site contains the Iffy-A Trojan that points to another piece of malware, which contains the zero-day .ANI exploit. Sophos detects this Trojan as Animoo-L.

"The message is simple: You must patch your computers against this vulnerability now or risk infection," said Graham Cluley, senior technology consultant for Sophos, in a statement. "Hackers are exploiting people's tardiness in rolling out updates and looking to infect as many PCs as they can. Microsoft issued a patch for the problem yesterday, but the hackers will continue to take advantage of the critical security loophole for as long as they can."

Problem:

The .ANI vulnerability involves the way Windows handles animated cursor files and could enable a hacker to remotely take control of an infected system. The bug affects all recent Windows releases, including Microsoft's new Vista operating system. Internet Explorer is the main attack vector for the exploits.

Effects of that Problem:

Users are being infected after visiting a malicious Web page that has embedded malware designed to take advantage of the flaw. They also can be infected if they open a specially crafted e-mail message or if they open a malicious e-mail attachment sent by a hacker.

Solution:

Meanwhile, security firm eEye Digital Security Inc. has brought out an unofficial and temporary fix for the problem.

Who is spreading the attack code:

It is suspected that several websites, including at least two hosted in China, are offering the attack code that exploits the bug. 

via IW
