NEWS FROM THE LAB - Thursday, March 29, 2007

More vulnerabilities, ANI-one?

Posted by Ian @ 19:45 GMT

Animated Icons

There are new reports of targeted attacks using a vulnerability in the way Microsoft Windows handles animated cursor (.ANI) files.

These animated cursor files can be hosted on websites, and the vulnerability is triggered when a user visits such a site. They can also be embedded in specially crafted e-mails or in attachments to those e-mails.

Microsoft has released a security advisory regarding this.

A sample that is possibly related to this has been obtained and is detected as Exploit:W32/Ani.C since update 2007-03-29_09. This sample downloads a copy of a Trojan that has already been detected as Trojan-Downloader.Win32.Small.ELA.

Until a patch is released, exercise caution when surfing and opening attachments in e-mail.