Animated cursor attacks escalate; emergency patch coming

Animated cursor attacks escalate; emergency patch coming

Summary: Microsoft plans to release an emergency, out-of-cycle Windows update on Tuesday, April 3, 2006 to patch the animated cursor (.ani) vulnerability currently being used in widespread malware attacks.

TOPICS: Security
Microsoft plans to release an emergency, out-of-cycle Windows update on Tuesday, April 3, 2006 to patch the animated cursor (.ani) vulnerability currently being used in widespread malware attacks.

The decision follows a weekend of escalated attacks, which include a self-propagating worm spotted in China and the discovery of hundreds (possibly thousands) of hacked Web sites hosting animated cursor exploits.

According to Christopher Budd, a program manager in the MSRC (Microsoft Security Response Center), the out-of-band patch is in response to the increased attacks and the public disclosure of proof-of-concept code.

"In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007," Budd said in a blog entry.

The proof-of-concept code is available at, a public repository for free exploits. The remote exploit code even bypasses the unofficial patch being offered by eEye Digital Security.

Dave Aitel's Immunity has also released an exploit in its CANVAS penetration testing platform.

In addition to public exploit code, the Chinese Internet Security Response Team has found evidence of a worm attack linked to the .ani zero-day vulnerability.

We have received this kind of new worm today. It has the same behavior as Worm.Win32.Fujacks. It also can infects .HTML .ASPX .HTM .PHP .JSP .ASP and .EXE files, and inserts the malicious links which contained Windows Animated Cursor Handling zero-day vulnerability into .HTML .ASPX .HTM .PHP .JSP .ASP files. It also can send out Chinese spams which are include the same zero-day vulnerability link.

The worm is being downloaded from "," a typo-squatted domain.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • What I find interesting is

    that something so inane as the cursors is causing such a security headache. It really makes you question how Microsoft writes code. ]:)
    Linux User 147560
    • Kind of like ` character obtaining shell on Firefox and Linux

      It's kind of like ` character obtaining shell on Firefox and Linux. That's about as "inane" as it gets.
      • What does the animated cursor flaw have to do with firefox ?

        You schmuck you are no different than the rest of the Windows Zealots . Try to stay on topic Mr. Ou .
        I'm Ye, the MS SHILL .
        • Why is anyone who disagrees with...

          ...the ABMers a zealot? Can't someone just be a satisfied user of Windows?
          • Can anyone be a satisfied Windows user?

            I suppose, theoretically, anything is possible.

            It just doesn't seem very likely.
          • I suppose

            But with a thing such as software, satisfied is very subjective and a relative term. There is no software on earth that I feel is completely satisfying, but Windows and other Microsoft applications and some third party Windows applications come the closest for me. And many others. When you've held a 95% marketshare for over a decade, you tend to get repeat customers. Repeat customers indicate satified users. So there you have it. <br>
          • My great grand daddy served...

            ...his masters well. He must have been satisfied slaving for them.

            Your conclusion does not follow. It is a non-sequitur argument.

            Repeat customers only indicate satisfied users when there is a slew of great competition (e.g., the cellular telephone market).

            Many decide to upgrade to the new MS product X version 2.0 because it has the name MS on it (and MS has allegedly held a 95% marketshare for over 10 years) or because they have MS product X version 1.x. The decision has nothing to do with satisfaction. More like fear of the unknown.
        • I think he was responding tick for tac

          As Linux user went out of his way to point out MS's coding ability in such a way as to imply that no one else code has errors on something so trivial as a cursor.

          I think George was just pointiong out that the FireFox coders suck too, as look at the above mentioned code error was..
          John Zern
          • Isn't it "Tit for Tat"?

            Neither way makes sense, but I had always heard it this way. :)
            Spoon Jabber
          • Message has been deleted.

            Knorthern Knight
      • So many things wrong with that reply...

        ...I barely know where to begin.

        1) Backtick expansion is *NOT* enabled by default on any linux distro that I'm aware of

        2) Even if it was, I could turn it off by changing one line in the mailcap file. I would *NOT* have to wait a week for Linus to test and approve a patch to his kernel.

        3) Backtick getting shell access in Firefox?!?!? That's a new one to me. Care to explain?
        Knorthern Knight
    • Or just quality in general...

      It does in fact make you wonder how they write the code, but even more the quality in which the OS is tested before its released out to the customer. I believe in the open source community and people actively testing the system, but I think Microsoft should spend a little more money/time on their in-house quality testing as opposed to all this cheesy eye candy. Its quite funny that once one of their operating systems starts to become remotely on its way to being the least bit secure, they release a new one with even more bugs and security issues. Go figure. Remain free, run linux.
      Brandon Dixon
      • Open source is 100% bug free?

        If not you OSS advocates have no room to talk.

        I tried the sample exploit on Vista and it failed to run calc.exe as claimed. It did crash Explorer and required me to boot in Safe Mode with Command Line in order to delete the file from the desktop. Once done the system is back up and running fine. It's an effective DoS that would probably have the average user re-installing the OS but not much more than that (at least with the sample code I tried).
        • OSS is free , Windows isn't .

          All this C.R.A.P. on security and stability from Microsoft is at best , a joke .
          I'm Ye, the MS SHILL .
          • Cost is irrelevant.

            Unless OSS is 100% bug free OSS advocates have no room to talk. Period. I've found Windows to be quite stable and secure. It's not problem free but it is much better than the nay sayers would have us believe.
          • Cost Is Relevant ?

            If a user paid big money for an OS that is new and the OS has had problems since a way back . You dang right it's an issue , tell all those who poured big money into Microsoft that the company really doesn't care to much about them . What , Microsoft was only after the money ?

            At least with Linux , the OS is free , and if there is a problem , you can bet that the fix is on the way . Unlike Microsoft who likes to drag their feet thru the mud .

            Discusting , despicable
            I'm Ye, the MS SHILL .
          • The only people who think MS doesn't care...

            ...about them are the ABMers. Everybody wants something different. Microsoft can't please them all. My take is that no matter what Microsoft were to do the ABMers (you) would find fault. Period. They can do no right in your eyes.
          • OSS is 'free' and

            OSS is free, and you get what you pay for.
        • ....

          No room to talk? As if we live in some different world. The fact alone that you make such a bold comment as that just shows your ignorance. Open source is not 100% bug free and no one said it was, especially me. Each has their flaws and nothing is perfect, BUT open source like the guy below commented is free and seems to be doing a better job as far as security goes. Microsoft is all about releasing fixes weeks after something happens. Only this time are they actually doing something about a problem in a timely manner. The open source community stays on top of what their users say, if there is a problem it is usually fixed and broadcasted to everyone.

          ...I am not a fan boy or slamming Microsoft, but Vista is a joke .
          Brandon Dixon
          • No room to talk.

            If OSS is not 100% bug free then you can't be faulting Microsoft. The fact that OSS is free is completely irrelevant. As for timely release Microsoft went to a monthly patch schedule based on CUSTOMER demand. How many times do you idiots need to have something repeated before it sinks in.

            Likewise Vista has been very troublefree for me. The fact that you're incompetent and have problems with it doesn't make it a joke. It means you're a joke.