Zero-day ANI exploit spreads via malicious web sites
F-Secure corporation warns computer users of the recently discovered Windows Animated Cursor Handling vulnerability, also known as the ANI exploit. The exploit was first discovered on Friday. It is related to the cursor animation files used by Windows.
Over the weekend the amount of attacks using this exploit have intensified. Majority of the attacks have been traced back to different Chinese hacker groups.
Microsoft has not yet released a patch against the vulnerability. For now, the best way for end users to protect themselves is to use an antivirus product to block the malicious ANI files.
“We’ve seen a lot of activity relating to the ANI exploit during the weekend”, says Mikko Hypponen, the Chief Research Officer at F-Secure. “This vulnerability is really tempting for the bad guys. It’s easy to modify the exploit, and it can be launched via web or email fairly easily. We hope to see Microsoft release a patch for this exploit very soon.”
Most of the activity around the ANI exploit has been via dozens of malicious websites that will attack the user if he visits the page with the most common versions of Internet Explorer. However, on Sunday the first worm using this exploit to spread was found.