Anatomy of an animated cursor attack

1 of 9
  • 61219.jpg

    Earlier this week, Microsoft shipped an emergency out-of-band patch to block zero-day attacks against a code execution hole in the way Windows handles animated cursor (.ani) files. This gallery provides a visual look at elements of the hacker attacks, including malicious Web sites, the exploit in action and the adult-themed spam-run linked to the attacks.

    Animated cursors are a feature that allows a series of frames to appear at the mouse pointer location instead of a single image. The Animated Cursors feature is designated by the .ani suffix.

    Image source: F-Secure.

    Caption by: Ryan Naraine

  • 61220.png

    Exploit Prevention Labs offers a LinkScanner service that pinpoints Web-based exploits. This image shows that a prominent news site was rigged with a .ani exploit.

    Caption by: Ryan Naraine

  • 61221.png

    Determina researcher Alexander Sotirov proved that .ani exploits could be launched against Firefox users. This shows an exploit against Firefox running on Windows Vista.

    Image source: Determina.

    Caption by: Ryan Naraine

  • 61223.png

    Evidence shows that several Chinese sites were rigged with IFRAME exploits launching .ani attacks.

    Source: Websense Security Labs.

    Caption by: Ryan Naraine

  • 61224.png

    A Chinese Web forum launches drive-by downloads on vulnerable Windows users.

    Source Websense Security Labs.

    Caption by: Ryan Naraine

  • 61225.png

    More evidence of Chinese sites rigged with .ani exploits.

    Source Websense Security Labs.

    Caption by: Ryan Naraine

  • 61226.png

    At the height of the attacks, e-mail spam lures promising "hot Britney pics" were being used.

    Source: Websense Security Labs.

    Caption by: Ryan Naraine

  • 61227.jpg

    From the first public report by malware-test on March 27 until today, the day after MS07-017 was released, you can see nearly day on day doubling or worse.

    Source: Arbor Networks.

    Caption by: Ryan Naraine

  • 61228.png

    On April 3, a week after the first attack reports surfaced, Microsoft shipped an out-of-band update that includes patches for seven vulnerabilities.

    Caption by: Ryan Naraine

1 of 9

Earlier this week, Microsoft shipped an emergency out-of-band patch to block zero-day attacks against a code execution hole in the way Windows handles animated cursor (.ani) files. This gallery provides a visual look at elements of the hacker attacks, including malicious Web sites, the exploit in action and the adult-themed spam-run linked to the attacks.

Read More Read Less

Earlier this week, Microsoft shipped an emergency out-of-band patch to block zero-day attacks against a code execution hole in the way Windows handles animated cursor (.ani) files. This gallery provides a visual look at elements of the hacker attacks, including malicious Web sites, the exploit in action and the adult-themed spam-run linked to the attacks.

Animated cursors are a feature that allows a series of frames to appear at the mouse pointer location instead of a single image. The Animated Cursors feature is designated by the .ani suffix.

Image source: F-Secure.

Caption by: Ryan Naraine

1 of 9

Related Topics:

Enterprise Software Microsoft Cloud Big Data Analytics Innovation Tech and Work

Related Galleries

    • 1 of 3

  • Give Google Chrome a speed boost

    Here are a handful of tricks to help you speed up your browser and make it use up fewer precious system resources. (Updated April 2019)