Vista is affected by the Windows .ANI 0-day too

Microsoft confirmed a new 0-day vulnerability in Animated Cursor handling some hours ago.

The vulnerability (CVE-2007-1765) is being actively exploited to spread backdoor malware. When a workstation is infected, the malicious executable wincf.exe is copied to the machine. This malware then downloads more Trojans from the address http : //220 . 71.76.189 [Do not visit!].
The main attack vector is Internet Explorer. Readers familiar with MS05-002 will remember that MSIE executes cursor files automatically.
The .ani file format is the format of Windows Animated Cursors.

Update: Some AV vendors detect this as Trojan.Anicmoo, TROJ_ANICMOO.AX, Exploit-ANIfile.c, Exploit:W32/Ani.C and Troj/Animoo-U.


One Comment:

  1. On Windows Vista this trojan can’t be installed because the user has low privileges (UAC enabled by default)
