
By Dawn Kawamoto
Posted on ZDNet News: Mar 30, 2007 9:28:00 PM

A zero-day exploit that takes advantage of a vulnerability in the Windows cursor could be spreading rapidly.

The hole in the Windows animated cursor, which was flagged in a Microsoft advisory Thursday, has moved from a targeted attack to one that is widespread, said Johannes Ullrich, chief research officer for the Sans Institute, which also issued an advisory.

Attackers also on Thursday launched a Trojan spam that dupes users into thinking it's an IE 7 beta, according to a Sans advisory. The Trojan uses the same file name as Microsoft's legitimate IE 7 betas, making detection more difficult, Ullrich noted.

"Antivirus software was initially pretty useless in combating it," Ullrich said. "It was spammed out quickly and probably used an existing spam network."

He noted, however, that users have to click on a link for their systems to be affected, so it is less of a threat than the Windows animated cursor flaw, which is a zero-day: a security hole that has been publicly disclosed but not fixed.

"With the (animated cursor), you don't have to click on a link to get it to launch," Ullrich said. "You just have to open a malicious e-mail or go to a malicious Web site."

Several dozen Web sites have become infected with the exploit in the past day, and Microsoft has yet to issue a patch, he added.
