Has asus.tw been hacked again? Also, ANI Patch released.
Source: Comment to Susan's blog by Lars Nelson:
http://msmvps.com/blogs/bradley/archive/2007/03/18/sbsized-windows-2003-sp2-release-notes.aspx
"Right now, my mood is terrible, because before I could get down my first bit of coffee this morning, my Symantec AV was telling me that the ASUS website just tried to pass along the currently unpatched .ANI exploit. Yes, it appears as though ASUS has been hacked and is passing along the .ANI exploit that as I understand Microsoft has know about for a few years. See http://www.dynamoo.com/blog/ for details on the ASUS thing."
Damn it, this is not the first time that ASUS has been hacked. See this blog entry for the last incident:
http://msmvps.com/blogs/spywaresucks/archive/2006/12/16/425879.aspx
An out-of-band patch that addresses this issue has been released. I strongly recommend that as soon as the patch is released, you get it installed on all machines that you are responsible for, since we can't depend on reputable Web site owners such as ASUS to keep their sites clean.
MSRC have blogged about the release:
http://blogs.technet.com/msrc/archive/2007/04/03/ms07-017-released.aspx
One thing Lars... Microsoft has not known about the ANI exploit for "a few years". It is actually a few *months* and the patch was already slated to be distributed on 10 April - MS pushed the release forward once evidence appeared that the bad guys were trying to use it to infect the general public.
Update: It has been independently confirmed that asus.com.tv *has* been compromised, and an iframe injected into page code.