
Anatomy of an animated cursor attack

  • 61219.jpg

    Earlier this week, Microsoft shipped an emergency out-of-band patch to block zero-day attacks against a code execution hole in the way Windows handles animated cursor (.ani) files. This gallery provides a visual look at elements of the hacker attacks, including malicious Web sites, the exploit in action and the adult-themed spam-run linked to the attacks.

    Animated cursors are a feature that allows a series of frames to appear at the mouse pointer location instead of a single image. The Animated Cursors feature is designated by the .ani suffix.

    Image source: F-Secure.

    Published: April 6, 2007 -- 11:10 GMT (04:10 PDT)

    Caption by: Ryan Naraine

  • 61220.png

    Exploit Prevention Labs offers a LinkScanner service that pinpoints Web-based exploits. This image shows that a prominent news site was rigged with a .ani exploit.


  • 61221.png

    Determina researcher Alexander Sotirov proved that .ani exploits could be launched against Firefox users. This shows an exploit against Firefox running on Windows Vista.

    Image source: Determina.


  • 61223.png

    Evidence shows that several Chinese sites were rigged with IFRAME exploits launching .ani attacks.

    Source: Websense Security Labs.


  • 61224.png

    A Chinese Web forum launches drive-by downloads on vulnerable Windows users.

    Source: Websense Security Labs.


  • 61225.png

    More evidence of Chinese sites rigged with .ani exploits.

    Source: Websense Security Labs.


  • 61226.png

    At the height of the attacks, e-mail spam lures promising "hot Britney pics" were being used.

    Source: Websense Security Labs.


  • 61227.jpg

    From the first public report by malware-test on March 27 until today, the day after MS07-017 was released, you can see nearly day-on-day doubling or worse.

    Source: Arbor Networks.


  • 61228.png

    On April 3, a week after the first attack reports surfaced, Microsoft shipped an out-of-band update that includes patches for seven vulnerabilities.


By Ryan Naraine | April 6, 2007 -- 11:10 GMT (04:10 PDT) | Topic: Enterprise Software
