Update on ANIMATED CURSOR exploit - it's even worse!
I've added in all my customers on this notice as the potential for bad trouble has increased. The Chinese Internet Security Response Team is reporting (via SANS.org) that there is a WORM out now that exploits the Animated Cursor vulnerability and that they have seen this worm put into all manner of content including HTML ASPX HTM PHP JSP ASP and EXE files which means that if your system allows files of these types to be included in e-mails or you visit infected web pages that link to files of these types (and who doesn't?) that your system can be infected simply by previewing e-mail for example (which is why I advocate text-only e-mail!)Domains that have been noted as having the infected pages include:
2007ip.com
microfsot.com (don't they just love mis-spellings!)
SANS is also noting that Windows 2003 with Service Pack 2 is also
vulnerable.
McAfee is reporting there is a spam campaign that exploits this too -
I've added .ani to the list of file extensions that are tagged as spam in the FIRE mail system.
See: http://blog.pacdat.net/article.php/20070330000705739 for the
original notice and links as well as
http://isc.sans.org/diary.php?storyid=2551 for more on tools and
http://www.microsoft.com/technet/security/advisory/935423.mspx for the updated Microsoft advisory
----
In the first of a series of updated articles based on my 2004 visit to personal privacy and the Internet, you'll learn about why using HTML mail has been banned by the US Department of Defence and is seriously being considered for banning by many other government and industry institutions.
http://blog.pacdat.net/article.php/20070331144425900 is "A
Reintroduction to Internet/Computer Privacy Invasion"
-----
This is not an April Fools joke - but enjoy others as you find them :)
richard
What's Related