
Anatomy of an animated cursor attack

By Ryan Naraine, April 5, 2007, 11:33 AM PDT


The source of the problem

Earlier this week, Microsoft shipped an emergency out-of-band patch to block zero-day attacks against a code execution hole in the way Windows handles animated cursor (.ani) files. This gallery provides a visual look at elements of the hacker attacks, including malicious Web sites, the exploit in action and the adult-themed spam-run linked to the attacks.

Animated cursors are a feature that allows a series of frames to appear at the mouse pointer location instead of a single image. The Animated Cursors feature is designated by the .ani suffix.

Image source: F-Secure.


Detecting an exploit site

Exploit Prevention Labs offers a LinkScanner service that pinpoints Web-based exploits. This image shows that a prominent news site was rigged with a .ani exploit.


The Firefox attack vector

Determina researcher Alexander Sotirov proved that .ani exploits could be launched against Firefox users. This shows an exploit against Firefox running on Windows Vista.

Image source: Determina.


Maliciously rigged site

Evidence shows that several Chinese sites were rigged with IFRAME exploits launching .ani attacks.

Source: Websense Security Labs.


Forums delivering payloads

A Chinese Web forum launches drive-by downloads on vulnerable Windows users.

Source: Websense Security Labs.


Another iFrame exploit

More evidence of Chinese sites rigged with .ani exploits.

Source: Websense Security Labs.


Hot Britney pics

At the height of the attacks, e-mail spam lures promising “hot Britney pics” were being used.

Source: Websense Security Labs.


Exploit timeline

From the first public report by malware-test on March 27 until today, the day after MS07-017 was released, you can see nearly day-on-day doubling or worse.

Source: Arbor Networks.


Microsoft ships an emergency update

On April 3, a week after the first attack reports surfaced, Microsoft shipped an out-of-band update that includes patches for seven vulnerabilities.
