Comments on: Any ANI File Could Infect You! http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/ A weblog dedicated to educating the community on security threats that matter Wed, 17 Mar 2010 18:21:30 -0400 http://wordpress.org/?v=abc hourly 1 By: Philosophically Secure » Blog Archive » The Microsoft .ANI Vulnerability http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-225966 Philosophically Secure » Blog Archive » The Microsoft .ANI Vulnerability Fri, 04 Sep 2009 18:06:40 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-225966 [...] Arbor Networks sees it being exploited in the wild [...] [...] Arbor Networks sees it being exploited in the wild [...]

]]> By: Diane http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-208325 Diane Wed, 06 May 2009 13:07:42 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-208325 It sounds like you're creating problems yourself by trying to solve this issue instead of looking at why their is a problem in the first place. It sounds like you’re creating problems yourself by trying to solve this issue instead of looking at why their is a problem in the first place.

]]> By: Jacqui http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-13123 Jacqui Tue, 10 Apr 2007 14:31:25 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-13123 Also this is being hosted on domains yata.com.au and spybiz4u.com and possibly a number of others for use in drive by downloads. I've just found your advisory after coming from an affected forum and confirmed the yata domain by searching for the .exe file on there via a remote program. Also this is being hosted on domains yata.com.au and spybiz4u.com and possibly a number of others for use in drive by downloads. I’ve just found your advisory after coming from an affected forum and confirmed the yata domain by searching for the .exe file on there via a remote program.

]]> By: R. Kerns http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-12416 R. Kerns Fri, 06 Apr 2007 17:31:01 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-12416 Of course after some review of the discovered exploit code what do I see in reporting TODAY! Really find it funny as I am a World of Warcrack player as well... From BBC reporting at http://news.bbc.co.uk/2/hi/technology/6526851.stm "Analysis of that malicious software showed that it lay dormant on a victims machine until they ran World of Warcraft (WoW) at which point it captured login data and sent it to the hacking group. " "Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data. One card can be sold for up to $6 (£3) suggests Symantec, but a WoW account will be worth at least $10. An account that has several high level characters associated with it could be worth far more as the gold and rare items can be sold for real cash. " Of course after some review of the discovered exploit code what do I see in reporting TODAY! Really find it funny as I am a World of Warcrack player as well…

From BBC reporting at http://news.bbc.co.uk/2/hi/technology/6526851.stm

“Analysis of that malicious software showed that it lay dormant on a victims machine until they ran World of Warcraft (WoW) at which point it captured login data and sent it to the hacking group. ” “Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.

One card can be sold for up to $6 (£3) suggests Symantec, but a WoW account will be worth at least $10. An account that has several high level characters associated with it could be worth far more as the gold and rare items can be sold for real cash. “

]]> By: Magically Delicious » The Microsoft .ANI Vulnerability http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-12194 Magically Delicious » The Microsoft .ANI Vulnerability Thu, 05 Apr 2007 16:35:06 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-12194 [...] Arbor Networks sees it being exploited in the wild [...] [...] Arbor Networks sees it being exploited in the wild [...]

]]> By: .:Computer Defense:. » Double Your Pleasure, Double Your Fun. Two MS Tuesdays are Better than One! http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-11242 .:Computer Defense:. » Double Your Pleasure, Double Your Fun. Two MS Tuesdays are Better than One! Mon, 02 Apr 2007 03:33:46 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-11242 [...] So I just checked my email… (I try to go anti-computer on the weekends these days… at least for a little while while I unwind and relax) and there’s an email from Microsoft informing customers that they will be releasing a patch on Tuesday, April 3rd. Now I suppose it could be an April Fool’s day joke but I don’t think Microsoft would send out a full blown Advanced Notification for a prank… I’m guessing they are pressured by the release of third party patches for the ANI issue by eEye and ZERT. [...] [...] So I just checked my email… (I try to go anti-computer on the weekends these days… at least for a little while while I unwind and relax) and there’s an email from Microsoft informing customers that they will be releasing a patch on Tuesday, April 3rd. Now I suppose it could be an April Fool’s day joke but I don’t think Microsoft would send out a full blown Advanced Notification for a prank… I’m guessing they are pressured by the release of third party patches for the ANI issue by eEye and ZERT. [...]

]]> By: Harry Waldron - My IT Forums Blog : ANI based Trojans - Exploit Windows Animated Cursor handling http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-10707 Harry Waldron - My IT Forums Blog : ANI based Trojans - Exploit Windows Animated Cursor handling Fri, 30 Mar 2007 19:04:34 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-10707 [...] ANI based Trojans - Exploit Windows Animated Cursor handling New trojans have surfaced that exploit a vulnerability in Windows animated cursor handling. This malware uses the ANI extension which has been rarely manipulated by malware in the past.  Corporate admins should add ANI to their email blocking lists.  Users should be cautious with all HTML based email (use plain text if possible),  They should also be careful to only visit trusted and mainstream websites.  The ANI malware can hide within HTML code. This vulnerability in Windows will lead to a crash of the security system so that other malware will be downloaded and installed on the infected system. Microsoft Security Advisory (935423)Vulnerability in Windows Animated Cursor Handlinghttp://www.microsoft.com/technet/security/advisory/935423.mspx Other Security Advisorieshttp://secunia.com/advisories/24659/http://www.frsirt.com/english/advisories/2007/1151http://www.avertlabs.com/research/blog/?p=230http://www.avertlabs.com/research/blog/?p=233http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/http://research.eeye.com/html/alerts/zeroday/20070328.htmlhttp://www.us-cert.gov/current/current_activity.html#WINANIhttp://www.kb.cert.org/vuls/id/191609 AV Vendorshttp://vil.nai.com/vil/content/v_141860.htmhttp://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAXhttp://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAVhttp://www.sophos.com/sl/va/security/analyses/trojanimoou.htmlhttp://www.f-secure.com/v-descs/exploit_w32_ani_c.shtml Published Friday, March 30, 2007 8:02 PM by hwaldron [...] [...] ANI based Trojans – Exploit Windows Animated Cursor handling New trojans have surfaced that exploit a vulnerability in Windows animated cursor handling. This malware uses the ANI extension which has been rarely manipulated by malware in the past.  Corporate admins should add ANI to their email blocking lists.  Users should be cautious with all HTML based email (use plain text if possible),  They should also be careful to only visit trusted and mainstream websites.  The ANI malware can hide within HTML code. This vulnerability in Windows will lead to a crash of the security system so that other malware will be downloaded and installed on the infected system. Microsoft Security Advisory (935423)Vulnerability in Windows Animated Cursor Handlinghttp://www.microsoft.com/technet/security/advisory/935423.mspx Other Security Advisorieshttp://secunia.com/advisories/24659/http://www.frsirt.com/english/advisories/2007/1151http://www.avertlabs.com/research/blog/?p=230http://www.avertlabs.com/research/blog/?p=233http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/http://research.eeye.com/html/alerts/zeroday/20070328.htmlhttp://www.us-cert.gov/current/current_activity.html#WINANIhttp://www.kb.cert.org/vuls/id/191609 AV Vendorshttp://vil.nai.com/vil/content/v_141860.htmhttp://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAXhttp://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FANICMOO%2EAVhttp://www.sophos.com/sl/va/security/analyses/trojanimoou.htmlhttp://www.f-secure.com/v-descs/exploit_w32_ani_c.shtml Published Friday, March 30, 2007 8:02 PM by hwaldron [...]

]]> By: Internet Security and Programming » Blog Archive » Any ANI File Could Infect You! http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-10685 Internet Security and Programming » Blog Archive » Any ANI File Could Infect You! Fri, 30 Mar 2007 17:29:04 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-10685 [...] category News. You can read any responses through the RSS 2.0 feed. You can give a response, or trackback from your site. « State Agencies Coordinate Efforts To Combat Cybercrime And EducateStudents, Parents Hello from Black Hat Amsterdam » [...] [...] category News. You can read any responses through the RSS 2.0 feed. You can give a response, or trackback from your site. « State Agencies Coordinate Efforts To Combat Cybercrime And EducateStudents, Parents Hello from Black Hat Amsterdam » [...]

]]> By: Tech Blog » Blog Archive » 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-10646 Tech Blog » Blog Archive » 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) Fri, 30 Mar 2007 15:10:57 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-10646 [...] It seems like the vulnerability is already exploited in the wild: http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/ [...] [...] It seems like the vulnerability is already exploited in the wild: http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/ [...]

]]> By: Robert Scroggins http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/comment-page-1/#comment-10629 Robert Scroggins Fri, 30 Mar 2007 13:24:01 +0000 http://asert.arbornetworks.com/2007/03/any-ani-file-could-infect-you/#comment-10629 Eeye has a temporary patch at http://research.eeye.com/html/alerts/zeroday/20070328.html. They say you should remove it when Microsoft comes out with theirs. Regards, Eeye has a temporary patch at http://research.eeye.com/html/alerts/zeroday/20070328.html. They say you should remove it when Microsoft comes out with theirs.

Regards,

]]>