
Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

ANI based Trojans - Exploit Windows Animated Cursor handling

New trojans have surfaced that exploit a vulnerability in Windows animated cursor handling. This malware uses the ANI extension, which malware has rarely used in the past. Corporate admins should add ANI to their email blocking lists.

Users should be cautious with all HTML-based email (use plain text if possible). They should also be careful to visit only trusted and mainstream websites, since the ANI malware can hide within HTML code. This vulnerability in Windows leads to a crash of the security system, after which other malware is downloaded and installed on the infected system.
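As an added example (not code from the original post or from any advisory it links), here is a content-based check a mail gateway could run on attachments: the ANI format is a RIFF container with form type ACON, so an attachment can be identified as an animated cursor whatever extension it carries, and the chunk walk also flags an anih header chunk whose declared size is not the fixed 36 bytes. The blocking policy, the helper names and the two sample files are constructed for illustration.

```python
import struct

ANIH_SIZE = 36  # the ACON "anih" header chunk is a fixed 36-byte structure

def scan_ani(data: bytes) -> dict:
    """Classify a blob by content rather than extension: is it a RIFF/ACON
    animated cursor, and do its top-level chunks look well-formed?"""
    report = {"is_ani": False, "chunks": [], "malformed": []}
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return report  # not an animated cursor, whatever the file is called
    report["is_ani"] = True
    riff_len = struct.unpack_from("<I", data, 4)[0]
    if riff_len + 8 > len(data):
        report["malformed"].append("RIFF length exceeds file size")
    pos = 12
    while pos + 8 <= len(data):
        tag = data[pos:pos + 4].decode("latin-1")
        size = struct.unpack_from("<I", data, pos + 4)[0]
        report["chunks"].append((tag, size))
        if tag == "anih" and size != ANIH_SIZE:
            report["malformed"].append(f"anih declares {size} bytes, expected {ANIH_SIZE}")
        if pos + 8 + size > len(data):
            report["malformed"].append(f"{tag} chunk runs past end of file")
            break
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to even length
    return report

def should_block(filename: str, data: bytes) -> bool:
    """Gateway policy (constructed): block on the .ani extension, or on ACON
    content carried under any other name (the extension alone is not enough)."""
    return filename.lower().endswith(".ani") or scan_ani(data)["is_ani"]

def _chunk(tag: bytes, payload: bytes) -> bytes:
    pad = b"\0" if len(payload) & 1 else b""
    return tag + struct.pack("<I", len(payload)) + payload + pad

def _riff_acon(*chunks: bytes) -> bytes:
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body

# Constructed samples (not real malware): a well-formed header chunk, and a
# file whose anih chunk declares 40 bytes although the structure is 36.
GOOD_ANI = _riff_acon(_chunk(b"anih", b"\0" * ANIH_SIZE))
ODD_ANI = _riff_acon(_chunk(b"anih", b"\0" * 40))

if __name__ == "__main__":
    for name, blob in (("pointer.ani", GOOD_ANI), ("photo.jpg", ODD_ANI)):
        print(name, should_block(name, blob), scan_ani(blob)["malformed"])
```

Only top-level chunks are walked; a LIST chunk holding the frames is skipped as a unit, which is enough for the identification and header sanity check shown here.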

Microsoft Security Advisory (935423)
Vulnerability in Windows Animated Cursor Handling

http://www.microsoft.com/technet/security/advisory/935423.mspx

Other Security Advisories
http://secunia.com/advisories/24659/
http://www.frsirt.com/english/advisories/2007/1151
http://www.avertlabs.com/research/blog/?p=230
http://www.avertlabs.com/research/blog/?p=233
http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/
http://research.eeye.com/html/alerts/zeroday/20070328.html
http://www.us-cert.gov/current/current_activity.html#WINANI
http://www.kb.cert.org/vuls/id/191609

AV Vendors
http://vil.nai.com/vil/content/v_141860.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAX
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAV
http://www.sophos.com/sl/va/security/analyses/trojanimoou.html
http://www.f-secure.com/v-descs/exploit_w32_ani_c.shtml

Comments

Harry Waldron - Microsoft MVP Blog said:

HTML is now a little more dangerous due to an unpatched issue discovered over the weekend. Microsoft
# April 2, 2007 8:31 AM

Harry Waldron - My IT Forums Blog said:

HTML is now a little more dangerous due to an unpatched issue discovered over the weekend. Microsoft
# April 2, 2007 8:32 AM