ANI Exploit Tries the 'Hot Pictures of Britiney Speers' Shtick

 
 
By Lisa Vaas  |  Posted 2007-04-03
 
 
 
 
 
 
 


Spam promising "Hot Pictures of Britiney Speers [sic]" is linking to sites hosting the Windows ANI exploit, Websense discovered today. The e-mail, coming from "Nude BritineySpeers.com," is written in HTML and carries text in its HTML comments that allows it to skirt anti-spam rules.

The come-on is from a server hosted in Russia that Websense says is the same one used previously by groups to install rootkits, password-stealing Trojans and other malware.

Users who fall for the Britney bait and click on links in the spam are redirected to one of several sites containing hidden JavaScript. The JavaScript sends users to a site hosting Windows animated cursor exploit code.

Without user interaction, a file is then downloaded and installed. The file, called 200.exe, looks like a new variant of a file infector with operating system hooks and spamming capabilities, Websense said in an alert.

Microsoft has promised a patch for the Windows animated cursor flaw today.

 
 
 
 