Mobility made easy with HP notebooksAlpha authors
- Dan Ackerman
- Rich Brown
- David Carnoy
- Bonnie Cha
- Brian Cooley
- Wayne Cunningham
- Robert Dubbin
- Matthew Elliott
- John Falcone
- Jasmine France
- Kent German
- Will Greenwald
- Lori Grunin
- Justin Jaffe
- David Katzmaier
- James Kim
- Nicole Lee
- Lara Luepke
- Kevin Massy
- Tom Merritt
- Tim Moynihan
- Rafe Needleman
- David Rudden
- Philip Ryan
- Michelle Thatcher
- Robert Vamosi
- Elsa Wenzel
- Molly Wood
- Felisa Yang
March 30, 2007, 12:52 PM PDT
Windows animated cursor attack: Prevention and cure Posted by: Robert Vamosi
There's a new Microsoft Windows vulnerability caused by an unspecified error in the way Windows 2000, XP, and Vista handle animated cursors. Animated cursors allow a mouse pointer to appear animated on a Web site. The feature is often designated by the .ani suffix, but attacks for this vulnerability are not constrained by this file type, so simply blocking ANI files won't necessarily protect a PC. Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to be originating from the following sites, which you may want to block:
wsfgfdgrtyhgfd.net
85.255.113.4
uniq-soft.com
fdghewrtewrtyrew.biz
newasp.com.cn
To become infected, visitors must be using Internet Explorer 6 or 7; there is no need to click, just visiting an infected site is enough for an infection. The flaw does not affect Firefox or Opera Internet Browsers. Therefore, until a patch is released, users might want to browse the Internet using a non-Internet Explorer browser.
Additional resources
Microsoft: Advisory 935423
NIST: CVE-2007-1765
Arbor Networks: Any ANI file could infect you
- Read also: security, software
- Email to a friend | Print this post
TalkBack
11 messages
DOES AFFECT FIREFOX!!!
"The flaw does not affect Firefox or Opera Internet Browsers."
From PCWorld (http://blogs.pcworld.com/staffblog/archives/004010.html)"
"Firefox is vulnerable to the nasty Windows animated cursor flaw that can hand over control of your XP or Vista computer, according to a video posted by Determina, the company that originally discovered the vulnerability."
From PCWorld (http://blogs.pcworld.com/staffblog/archives/004010.html)"
"Firefox is vulnerable to the nasty Windows animated cursor flaw that can hand over control of your XP or Vista computer, according to a video posted by Determina, the company that originally discovered the vulnerability."
by YankeeH8r (See profile) - April 5, 2007 8:18 AM PDT
5 out of 5
users
found this comment helpful
|
1
comment
Why IE?...
Why would you be using IE anyway? lol, its horrible. Use Firefox fools!
by raggles (See profile) - April 5, 2007 1:05 AM PDT
Cursor XP or Internet Explorer?
Yah Cursor XP is great...but to minimize the treat, it's better not to use any animated cursor because it also uses alot of memory. but if you have 512 or 1GB memory, and you insist to use any animated cursor, make sure that you use any internet browser EXCEPT INTERNET EXPLORER, even the IE 7 is not save, i recommend Mozilla and Opera, because it reduces the risks most especially spywares and hackers.
by nybee_0918 (See profile) - April 4, 2007 9:11 PM PDT
5 out of 5
users
found this comment helpful
|
1
comment
aoudongbarbor
hhhhhhhhhhhhhhhhhhhhhiiiiiiiiiiiiiiiiii
by aoudong (See profile) - April 3, 2007 6:08 PM PDT
0 out of 5
users
found this comment helpful
Microsoft Fixed It
Microsoft patch 07-17 resolves this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
Users may want to apply it soon-ish. It requires a restart.
http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
Users may want to apply it soon-ish. It requires a restart.
by John McGhie (See profile) - April 3, 2007 5:56 PM PDT
5 out of 5
users
found this comment helpful
There are some potential issues with your advice
First, make your whatever alternative browser you use is supported by your anti-virus and anti-spyware. A lot of packages don't work with all non-IE browsers.
Next, if you are in the default Windows user mode, there is no way to protect yourself in Outlook Express. And the only way to protect yourself in Outlook assuming you are at 2002 or above is to read all messages in plain text only.
What I have done is taken my default user account and made it a Limited User. Of course, I did this after making a SuperUser account with admin privilages.
I did this because there is no easy way to create a secondary limited account and have it pick up all of your email, addressbook, favorites and cookies that I use to log into sites. I had worked around everything book the cookies, but gave up there.
There is a utility called LowerMyRigths that can use used to allow you to execute certain code in Limited User mode. But when I used it with Outlook Express, it took 5-8 minutes to load instead of 1 second. (It ran fine once loaded.)
There is a possible circumvention here. http://research.eeye.com/html/alerts/zeroday/20070328.html
Please create a System Restore checkpooint before downloading and applying this so that you can remove it later.
Next, if you are in the default Windows user mode, there is no way to protect yourself in Outlook Express. And the only way to protect yourself in Outlook assuming you are at 2002 or above is to read all messages in plain text only.
What I have done is taken my default user account and made it a Limited User. Of course, I did this after making a SuperUser account with admin privilages.
I did this because there is no easy way to create a secondary limited account and have it pick up all of your email, addressbook, favorites and cookies that I use to log into sites. I had worked around everything book the cookies, but gave up there.
There is a utility called LowerMyRigths that can use used to allow you to execute certain code in Limited User mode. But when I used it with Outlook Express, it took 5-8 minutes to load instead of 1 second. (It ran fine once loaded.)
There is a possible circumvention here. http://research.eeye.com/html/alerts/zeroday/20070328.html
Please create a System Restore checkpooint before downloading and applying this so that you can remove it later.
by cwbloemker (See profile) - April 1, 2007 12:38 PM PDT
5 out of 5
users
found this comment helpful
|
3
comments
