A tale of two animated cursor attacks


Summary: At the height of the animated cursor(.ani) attacks last week, there were two different groups using different motives to hit a different set of targets.


According to Websense Security Labs, the first set of attacks started in the China region and appear to be the work of groups within the Asia Pacific Region.

The attackers have compromised hundreds of machines and placed IFRAMEs on them that point back to the main servers hosting the exploit code. In most cases the payload and motivation of these attacks is to gather credentials for online games.
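The pattern described above (a compromised site carrying an IFRAME that pulls content from a separate exploit-hosting server) is something a site owner or incident responder can check for. The following is an added example, not code from the ZDNet post or from Websense; it parses a page with Python's standard-library HTML parser and flags IFRAMEs whose `src` points off-site or that are sized or styled to be invisible. The sample HTML and the host names in it are constructed for illustration.

```python
"""Flag IFRAMEs that point off-site or are hidden, as seen on compromised pages.

Added example (not from the article). Uses only the Python standard library.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # attrs is a list of (name, value) pairs; values are unquoted strings
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _at_most_one_pixel(value):
    """True for width/height values such as "0" or "1"."""
    v = value.strip()
    return v.isdigit() and int(v) <= 1


def is_hidden(attrs):
    """Heuristic: zero-size or CSS-hidden frames are typical of injected loaders."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = _at_most_one_pixel(attrs.get("width", "")) or _at_most_one_pixel(attrs.get("height", ""))
    return tiny or "display:none" in style or "visibility:hidden" in style


def suspicious_iframes(html, site_host):
    """Return findings for IFRAMEs whose src host differs from site_host or that are hidden.

    A relative src (no host) is treated as on-site. Subdomains count as off-site,
    which is deliberately strict: review findings rather than acting on them blindly.
    """
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or site_host
        off_site = host.lower() != site_host.lower()
        hidden = is_hidden(attrs)
        if off_site or hidden:
            findings.append({"src": src, "host": host, "off_site": off_site, "hidden": hidden})
    return findings


# Constructed sample: a legitimate embed plus two frames of the kind the article describes.
SAMPLE_HTML = """
<html><body>
<h1>Guild news</h1>
<iframe src="/forum/embed" width="600" height="400"></iframe>
<iframe src="http://exploit-host.example/cursor.htm" width="0" height="0"></iframe>
<iframe src="http://cdn.example-site.test/widget" style="display: none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in suspicious_iframes(SAMPLE_HTML, "example-site.test"):
        print(finding)
```

Run against a saved copy of a page (for example `suspicious_iframes(open("index.html").read(), "your-site.example")`), the function returns one dictionary per flagged frame; the `off_site` and `hidden` flags tell the reviewer why it was flagged. Legitimate third-party embeds will also show up as off-site, so the output is a review list, not a verdict.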

A few days later, a second set of attacks started up from a group in Eastern Europe known for using malware lures to launch identity theft attacks.

This group has been placing exploit code on sites for many years now and has a very resilient infrastructure. They have used WMF, VML, and several other exploits in their routines previously, and have now added the ANI attacks to their arsenal. The payload and motivation are somewhat different, however: this group is better known for installing rootkits and crimeware designed to install form-grabbing software and keyloggers in order to compromise end users' banking details. In the past they have also installed fake anti-spyware software, both as a distraction and as a way to trick victims into buying anti-spyware software.

More than two weeks after the attacks were first spotted, there are still more than 2,000 unique sites that are hosting exploit code and/or are compromised and are pointing to machines that host exploit code, Websense said.

According to Andreas Marx of AV Test, there are more than 46,000 different URLs that together serve up almost 3,000 different corrupted animated cursor files.
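The "corrupted animated cursor files" counted above are .ani files whose RIFF structure has been deliberately malformed. As an added example (not from the article, AV Test or Websense), here is a structural checker for the ANI container in Python. The header-size check rests on general knowledge of the format, not on anything the article states: a well-formed .ani carries one `anih` chunk whose declared size is the 36-byte animation header, and the 2007 flaw involved an `anih` chunk declaring a different size. The script walks the RIFF chunks, flags `anih` chunks of the wrong size, duplicate `anih` chunks, and chunk sizes that run past the end of the file. The sample files are constructed in the script itself.

```python
"""Structural sanity checker for animated cursor (.ani) files.

Added example, not from the article. Flags anih chunks whose declared size is
not the 36-byte animation header, duplicate anih chunks, and chunks whose size
exceeds the bytes actually present. Standard library only.
"""
import struct

ANIH_EXPECTED = 36  # size of the animation header structure in a well-formed .ani


def iter_chunks(data, start, end):
    """Yield (fourcc, declared_size, offset, payload) for RIFF chunks in data[start:end].

    LIST chunks are descended into; a chunk whose declared size runs past `end`
    is yielded with payload=None and iteration stops.
    """
    pos = start
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        (size,) = struct.unpack_from("<I", data, pos + 4)
        payload_start = pos + 8
        if size > end - payload_start:
            yield fourcc, size, pos, None
            return
        if fourcc == b"LIST":
            # A LIST carries a 4-byte list type followed by nested chunks.
            yield fourcc, size, pos, data[payload_start:payload_start + 4]
            yield from iter_chunks(data, payload_start + 4, payload_start + size)
        else:
            yield fourcc, size, pos, data[payload_start:payload_start + size]
        pos = payload_start + size + (size & 1)  # chunks are padded to even length


def check_ani(data):
    """Return a list of findings; an empty list means the structure looked sane."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON animated cursor"]
    findings = []
    (riff_size,) = struct.unpack_from("<I", data, 4)
    if riff_size + 8 > len(data):
        findings.append("RIFF header declares %d bytes but file has %d" % (riff_size + 8, len(data)))
    end = min(len(data), riff_size + 8)
    anih_count = 0
    for fourcc, size, offset, payload in iter_chunks(data, 12, end):
        if payload is None:
            findings.append("chunk %r at offset %d declares %d bytes, past end of data"
                            % (fourcc, offset, size))
            break
        if fourcc == b"anih":
            anih_count += 1
            if size != ANIH_EXPECTED:
                findings.append("anih chunk #%d at offset %d declares %d bytes, expected %d"
                                % (anih_count, offset, size, ANIH_EXPECTED))
    if anih_count == 0:
        findings.append("no anih chunk present")
    elif anih_count > 1:
        findings.append("%d anih chunks present; a well-formed file has one" % anih_count)
    return findings


# --- constructed samples for demonstration -------------------------------
def _chunk(fourcc, payload):
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def _riff(chunks):
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


_icon_list = b"LIST" + struct.pack("<I", 4 + 16) + b"fram" + _chunk(b"icon", b"\0" * 8)
GOOD_ANI = _riff([_chunk(b"anih", b"\0" * 36), _icon_list])
# Malformed sample: a second anih chunk with a declared size other than 36.
BAD_ANI = _riff([_chunk(b"anih", b"\0" * 36), _chunk(b"anih", b"\0" * 64)])

if __name__ == "__main__":
    print("good:", check_ani(GOOD_ANI))
    print("bad:", check_ani(BAD_ANI))
```

For real files, read them in binary mode and pass the bytes to `check_ani`; a non-empty result is a reason to quarantine the file for closer inspection, since a structurally odd cursor has no legitimate reason to exist.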


Talkback

8 comments
  • Not too bad, might I add.

    Personally I think all this is nothing to me; if anything this is Microsoft's and its users' problem.
    Intellihence
    • Eh?

      Then why bother posting a comment?
      Bucky24
      • Why Indeed...

        "Then why bother posting a comment?"

        Because he's a Linux user and simply HAS to let it be known how "Kewl" he is...
        Wolfie2K3
    • True

      Except like most other "problems", not a very big one.

      In the hundreds of PC's I manage, not one case of exploitation.
      rkuhn040172@...
      • That you are aware of!!

        What if there are exploits that you are not aware of? What then?
        rhomp2002@...
        • What then? DUH... It's Simple..

          "What if there are exploits that you are not aware of? What then?"

          Then, when those exploits are found and exploited, we'll simply patch them when the patches become available.

          Look, there is NO such thing as a 100% perfect OS. Sorry Linux and Mac guys - those are just as far away from being perfect as the Windows universe is. If not for security, for other reasons.

          Windows - as it was originally written - is a decent enough OS. The problem here is there are numerous elements - criminals - who think it's a good thing to hack into other people's computers for "fun" and profit. Only through their actions do these vulnerabilities come to see the light of day.

          The REAL ROOT of the whole problem here, however, is the end user. The aforementioned criminals mostly use social engineering tactics to get the unwary to visit web sites that carry the infectious payload du jour. If people would only use common sense when it comes to the spam and what not and simply DELETE the damn things, the internet would be a LOT safer.

          Unfortunately, we live in PT Barnum's universe - where there's a sucker born every minute. Some people just can't resist the temptations of cheap viagra, cialis or other sex drugs, naked pictures of some Hollywood strumpet, the phishing expeditions, and the other tons of nonsense cluttering up our inboxes every day.

          Until those people get a CLUE, this nonsense will continue - no matter which OS is dominant...
          Wolfie2K3
          • Riiiight ...

            And so if I put my money in a bank created by Microsoft Architects and they use glass instead of steel and concrete to build the safe 'I' am the stupid one because I didn't realize there were criminals out there who would steal the money???

            Get a clue dude.

            Microsoft has been repeatedly warned against using certain techniques AND developing Active X by W3 over 10 years ago during the development stage.

            They use the 'Registry' which is an affront to logic.

            When people find holes and report it, they withhold thanks on the basis that it wasn't a problem until some good natured soul points it out ... Like the 100 criminal hackers were going to tell Microsoft that THEY found the hole too and have been exploiting it???

            Come on. Use the sense you were born with.

            You talk of 'suckers'? Well who the heck appointed you arbiter of judgment when some Granny or other form of newbie first boots her computer for the first time and logs onto the net?

            Yes, surprise, surprise, there ARE people out there who don't have your years of experience dealing with spam and who still think of it as a tasty luncheon meat from Hormel.

            So why should Granny have her details stolen because she is bedridden and wants to buy a book from Amazon?

            What is the difference between using Microsoft with its security holes and the Radio Shack location that dumped customer credit card details behind their shop without destroying them first?

            No, Microsoft has repeatedly gotten away with ignoring good advice given in good faith by W3 and concerned individuals who are attempting to make things safe for the on-line community ... experienced and newbie alike.

            To say that a 'new user' is at fault because they are not educated yet is absurd since the next generation of users and programmers will be from this very crowd.
            The Smoking Man
          • We are all at fault someway

            1. Everyone who waits at midnight for the release of a new product.
            2. Allowing MS or anyone else to sell defective products ie. software that does not work on some machines without penalty or recall.
            3. The internet server industry for allowing e-mail without traceable return addresses through the system.
            4. Not making manufacturers to sell products with proven software installed instead of what MS tells them to include.
            5. Not requiring the courts to break the fingers of any malware, virus or spyware creator in the public square.
            6. Making machines that the average person finds too difficult to manage. Can you imagine what the highways would be like if cars were made like computers? It scares me to think that most cars are monitored by a computer today; what if they actually ran the car? Would the windscreen be a blue screen instead of blood red after an accident?
            rflanagan@...