ANI Exploit Tries the ‘Hot Pictures of Britiney Speers’ Shtick
Spam promising “Hot Pictures of Britiney Speers [sic]” is linking to sites hosting the Windows ANI exploit, Websense discovered today. The e-mail, coming from “Nude BritineySpeers.com,” is written in HTML and carries text in its HTML comments that allows it to skirt anti-spam rules.
The come-on is from a server hosted in Russia that Websense says is the same one used previously by groups to install rootkits, password-stealing Trojans and other malware.
Users who fall for the Britney bait and click on links in the spam are redirected to one of several sites containing hidden JavaScript. The JavaScript sends users to a site hosting Windows animated cursor exploit code.
Without user interaction, a file is then downloaded and installed. The file, called 200.exe, looks like a new variant of a file infector with operating system hooks and spamming capabilities, Websense said in an alert.
Microsoft has promised a patch for the Windows animated cursor flaw today.