Alpha Blog: CNET's gadget & tech news and opinions blogged by our editors
March 30, 2007, 12:52 PM PDT
Windows animated cursor attack: Prevention and cure
Posted by: Robert Vamosi

There's a new Microsoft Windows vulnerability caused by an unspecified error in the way Windows 2000, XP, and Vista handle animated cursors. Animated cursors allow a mouse pointer to appear animated on a Web site. The feature is often designated by the .ani suffix, but attacks on this vulnerability are not constrained to this file type, so simply blocking ANI files won't necessarily protect a PC. Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to originate from the following sites, which you may want to block:

wsfgfdgrtyhgfd.net

85.255.113.4

uniq-soft.com

fdghewrtewrtyrew.biz

newasp.com.cn

To become infected, visitors must be using Internet Explorer 6 or 7; there is no need to click, because just visiting an infected site is enough for an infection. The flaw does not affect Firefox or Opera Internet Browsers. Therefore, until a patch is released, users might want to browse the Internet using a non-Internet Explorer browser.
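Because blocking by the .ani suffix is not enough, a filter has to look at content: ANI data is a RIFF container with the form type ACON, so it can be recognised by its bytes whatever the file is called. The following is an added example, not code from this article or from any vendor; the function names and sample bytes are constructed for illustration, and the structural checks only flag malformed containers, they do not identify the specific flaw, which the article describes as unspecified.

```python
import struct

ANIH_SIZE = 36  # fixed size of the ANI header structure carried in the "anih" chunk

def riff_chunks(data):
    """Yield (fourcc, declared_size, offset) for each top-level RIFF chunk."""
    pos = 12  # skip "RIFF", total size, form type
    while pos + 8 <= len(data):
        fourcc, size = struct.unpack_from("<4sI", data, pos)
        yield fourcc, size, pos
        pos += 8 + size + (size & 1)  # chunk bodies are padded to an even length

def classify(name, data):
    """Return (is_ani, findings), judging by content rather than file name."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return False, []
    findings = []
    if not name.lower().endswith(".ani"):
        findings.append("ANI content under non-.ani name")
    seen_anih = False
    for fourcc, size, pos in riff_chunks(data):
        if pos + 8 + size > len(data):
            findings.append(f"chunk at offset {pos} overruns the file")
            break
        if fourcc == b"anih":
            seen_anih = True
            if size != ANIH_SIZE:
                findings.append(f"anih declares {size} bytes, expected {ANIH_SIZE}")
    if not seen_anih:
        findings.append("no anih header chunk")
    return True, findings

def _chunk(fourcc, body):
    """Build one RIFF chunk, padded to an even length."""
    return fourcc + struct.pack("<I", len(body)) + body + b"\x00" * (len(body) & 1)

def _riff(form, *chunks):
    payload = form + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(payload)) + payload

# Constructed sample inputs; the names and bytes are invented for this example.
SAMPLES = {
    "pointer.ani": _riff(b"ACON", _chunk(b"anih", bytes(ANIH_SIZE))),
    "photo.jpg": _riff(b"ACON", _chunk(b"anih", bytes(ANIH_SIZE))),
    "odd.cur": _riff(b"ACON", _chunk(b"anih", bytes(40))),
    "real.gif": b"GIF89a" + bytes(20),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify(name, data))
```

A mail or web gateway would apply `classify` to every downloaded object, not only to those named `*.ani`, and quarantine anything that returns findings.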

Additional resources

Microsoft: Advisory 935423

NIST: CVE-2007-1765

Arbor Networks: Any ANI file could infect you


TalkBack
11 messages

DOES AFFECT FIREFOX!!!

"The flaw does not affect Firefox or Opera Internet Browsers."

From PCWorld (http://blogs.pcworld.com/staffblog/archives/004010.html)

"Firefox is vulnerable to the nasty Windows animated cursor flaw that can hand over control of your XP or Vista computer, according to a video posted by Determina, the company that originally discovered the vulnerability."
by YankeeH8r (See profile) - April 5, 2007 8:18 AM PDT
5 out of 5 users found this comment helpful | 1 comment

Why IE?...

Why would you be using IE anyway? lol, it's horrible. Use Firefox fools!
by raggles (See profile) - April 5, 2007 1:05 AM PDT

Cursor XP or Internet Explorer?

Yah Cursor XP is great...but to minimize the threat, it's better not to use any animated cursor because it also uses a lot of memory. But if you have 512 or 1GB memory, and you insist on using any animated cursor, make sure that you use any internet browser EXCEPT INTERNET EXPLORER; even IE 7 is not safe. I recommend Mozilla and Opera, because it reduces the risks, most especially spyware and hackers.
by nybee_0918 (See profile) - April 4, 2007 9:11 PM PDT
5 out of 5 users found this comment helpful | 1 comment

Microsoft Fixed It

Microsoft patch 07-17 resolves this vulnerability.

http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx

Users may want to apply it soon-ish. It requires a restart.
by John McGhie (See profile) - April 3, 2007 5:56 PM PDT
5 out of 5 users found this comment helpful

There are some potential issues with your advice

First, make sure whatever alternative browser you use is supported by your anti-virus and anti-spyware. A lot of packages don't work with all non-IE browsers.

Next, if you are in the default Windows user mode, there is no way to protect yourself in Outlook Express. And the only way to protect yourself in Outlook assuming you are at 2002 or above is to read all messages in plain text only.

What I have done is taken my default user account and made it a Limited User. Of course, I did this after making a SuperUser account with admin privileges.

I did this because there is no easy way to create a secondary limited account and have it pick up all of your email, addressbook, favorites and cookies that I use to log into sites. I had worked around everything but the cookies, but gave up there.

There is a utility called LowerMyRights that can be used to allow you to execute certain code in Limited User mode. But when I used it with Outlook Express, it took 5-8 minutes to load instead of 1 second. (It ran fine once loaded.)

There is a possible circumvention here. http://research.eeye.com/html/alerts/zeroday/20070328.html

Please create a System Restore checkpoint before downloading and applying this so that you can remove it later.
by cwbloemker (See profile) - April 1, 2007 12:38 PM PDT
5 out of 5 users found this comment helpful | 3 comments
