Security Best Practices, Breaking News, & Updates
New trojans have surfaced that exploit a vulnerability in Windows animated cursor handling. This malware uses the ANI extension, which has rarely been manipulated by malware in the past. Corporate admins should add ANI to their email blocking lists.
Users should be cautious with all HTML-based email (use plain text if possible). They should also be careful to visit only trusted and mainstream websites. The ANI malware can hide within HTML code. This vulnerability in Windows leads to a crash of the security system so that other malware will be downloaded and installed on the infected system.
Microsoft Security Advisory (935423)
Vulnerability in Windows Animated Cursor Handling
http://www.microsoft.com/technet/security/advisory/935423.mspx

Other Security Advisories
http://secunia.com/advisories/24659/
http://www.frsirt.com/english/advisories/2007/1151
http://www.avertlabs.com/research/blog/?p=230
http://www.avertlabs.com/research/blog/?p=233
http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/
http://research.eeye.com/html/alerts/zeroday/20070328.html
http://www.us-cert.gov/current/current_activity.html#WINANI
http://www.kb.cert.org/vuls/id/191609

AV Vendors
http://vil.nai.com/vil/content/v_141860.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAX
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAV
http://www.sophos.com/sl/va/security/analyses/trojanimoou.html
http://www.f-secure.com/v-descs/exploit_w32_ani_c.shtml