ANI Exploit Tries the 'Hot Pictures of Britiney Speers' Shtick
Spam promising "Hot Pictures of Britiney Speers [sic]" is linking to sites hosting the Windows ANI exploit, Websense discovered today. The e-mail, coming from "Nude BritineySpeers.com," is written in HTML and contains text that allows it to skirt anti-spam rules in the HTML comments.
The come-on is from a server hosted in Russia that Websense says is the same one used previously by groups to install rootkits, password-stealing Trojans and other malware.
Without user interaction, a file is then downloaded and installed. The file, called 200.exe, looks like a new variant of a file infector with operating system hooks and spamming capabilities, Websense said in an alert.
Microsoft has promised a patch for the Windows animated cursor flaw today.