SCF Advanced Search

  • Total Posts: 40526
  • Total Topics: 14430
  • Online Today: 570
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Eastern European crime in on ANI attacks too  (Read 3002 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Eastern European crime in on ANI attacks too
« on: 21. May 2007., 21:34:00 »
Attackers operating from Chinese servers may have been the first to use the animated-cursor (.ANI) file flaw in Microsoft Windows to exploit victims' systems, but another group--apparently operating from Eastern Europe--has started using the flaw as well, security firm Websense said on Monday.

The Chinese attackers have operated at least since late last year and typically have targeted victims' accounts for online games such as World of Warcraft and Legacy. More recent attacks that appear to emanate from Eastern Europe have installed rootkits and keyloggers aimed at getting access to victim's financial accounts, according to Websense.

"This group has been placing exploit code on sites for many years now and has a very resilient infrastructure," wrote researchers from security firm Websense. "They have used WMF, VML, and several other exploits in there routines previously. As of now they have also added the ANI attacks to their arsenal."

Flaws in the Microsoft's Windows' handling of Windows Meta File (WMF) and the Vector Markup Language (VML) allowed computers that had not been patched to be exploited remotely through the Internet Explorer.

The vulnerability in Microsoft Windows' processing of animated-cursor (.ANI) files is of similar magnitude to both the WMF and VML flaws. While Microsoft was told of the vulnerability in December, the software giant had not expedited a fix, but made the critical patch a part of its normal process. In the end, attackers found the flaw first and Microsoft had to release an emergency patch last week. The vulnerability affects all versions of Windows, including Windows Vista.

The Web site of PC hardware maker ASUS was compromised late last week in a manner typical of both these groups.


Samker's Computer Forum -

Eastern European crime in on ANI attacks too
« on: 21. May 2007., 21:34:00 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising