Britney Spears exploited by Microsoft ANI vulnerability

Sophos is urging computer users to patch their computers against a vulnerability in the way Microsoft Windows handles animated cursors (ANI) as hackers exploit the problem using pictures of pop star Britney Spears.

Emails spammed out by cybercriminals are directing internet users to hacked PHP websites with the promise of candid pictures of the troubled singer. PHP, a scripting language used by many websites, has suffered from serious security vulnerabilities in the past.

The initial campaign began on March 30 with just a link to a Russian website. The site contained a script that pointed at a zero-day exploit of Microsoft’s ANI vulnerability. At this stage the emails contained no graphics, but used different spellings of the phrase “britney spears naked” in the subject line in an attempt to avoid detection.

Since then, the hackers’ attack has evolved. In the last few days email messages with subject lines such as “Hot pictures of Britiney Speers” have been spammed out. These emails contained an embedded image of the scantily clad pop star which linked to a malicious website to activate the animated cursor exploit.

“The message is simple: you must patch your computers against this vulnerability now or risk infection. Hackers are exploiting people’s tardiness in rolling out updates and looking to infect as many PCs as they can,” said Graham Cluley, senior technology consultant for Sophos. “Microsoft issued a patch for the problem yesterday, but the hackers will continue to take advantage of the critical security loophole for as long as they can.”

Sophos experts note that this is far from the first time that Britney Spears has been used as bait in an attempt to trick innocent computer users into viral infection. An email aware worm, promising a glimpse of the pop princess, was released in February 2002. Other pin-ups like Halle Berry, Avril Lavigne, Anna Kournikova, Julia Roberts, Angelina Jolie and Brad Pitt, Jennifer Lopez and the stars of ‘Sex and the City’ have also previously been used to help viruses spread.

Don't miss