On TV.com: HOUSE's New Formula for Excellence
BNET Business Network:
BNET
TechRepublic
ZDNet
15 TalkBacks

By Dawn Kawamoto
Posted on ZDNet News: Mar 30, 2007 9:28:00 PM

A zero-day exploit that takes advantage of a vulnerability in the Windows cursor could be spreading rapidly.

The hole in the Windows animated cursor, which was flagged in a Microsoft advisory Thursday, has moved from a targeted attack to one that is widespread, said Johannes Ullrich, chief research officer for the Sans Institute, which also issued an advisory.

Attackers also on Thursday launched a Trojan spam that dupes users into thinking it's an IE 7 beta, according to a Sans advisory. The Trojan uses the same file name as Microsoft's legitimate IE 7 betas, making detection more difficult, Ullrich noted.

"Antivirus software was initially pretty useless in combating it," Ullrich said. "It was spammed out quickly and probably used an existing spam network."

He noted, however, that users have to click on a link to have their systems affected, so it is less of a threat than the Windows animated cursor zero-day flaw, or a security hole that has been publicly disclosed but not fixed.

"With the (animated cursor), you don't have to click on a link to get it to launch," Ullrich said. "You just have to open a malicious e-mail or go to a malicious Web site."

Several dozen Web sites have become infected with the exploit in the past day, and Microsoft has yet to issue a patch, he added.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 15 Talkback(s)
Question to Vista users
Yes, I know it's going to show how little I know about Vista internals. I don't mind being ignorant of a product that I've currently no interest in using. Since I've been using MS products since 6.22,... (Read the rest)
Posted by: spmtrapr@... Posted on: 04/04/07 You are currently: a Guest | | Terms of Use
Just remember, YOU, as a valued Microsoft customer are responsible for ALL  DonnieBoy | 03/30/07
From the excuses MS is giving, either the code is one big hair ball,  DonnieBoy | 03/30/07
Wait, sorry, there is another possibility. Maybe, just maybe, they are too  DonnieBoy | 03/30/07
Ask No_Axe  itanalyst | 04/02/07
All your computer are belong to us  BitTwiddler | 03/31/07
don't mind DonnieBoy as he doesn't have a life to live.  Grayson Peddie | 03/31/07
From the social engineering hindsight that users should have  Boot_Agnostic | 03/31/07
Donnie's been busy  Boot_Agnostic | 03/31/07
Cancel or Allow?  An_Axe_to_Grind | 03/31/07
never should've turned it off  CobraA1 | 04/01/07
Agreed  nikoli | 04/02/07
(OT) Funny link  Jack-Booted EULA | 04/01/07
Was this the IE exploit Loverock Davidson Reassured Us About?  BanjoPaterson | 04/02/07
LOOK EVERYONE!@#*&#@#! HE MENTIONS ME!!!  Loverock Davidson | 04/02/07
Question to Vista users  spmtrapr@... | 04/04/07

What do you think?

advertisement
advertisement
Click Here

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here