Patch available for the ANI exploit

Everyone should make sure they have patched their system against this very nasty exploit!

The ANI exploit (Vulnerability in Windows Animated Cursor Handling) is still live in many places, either by design or on a hacked site. Working on a tip from Kat H about hornys-place(dot)com, I found Google has already placed a warning about this site, which has most likely been hacked by several culprits.

Upon visiting the site … well, you can see that IE7 (patched) blocks the exploit and prompts the user; NOD32 also jumps on the page (Win32/TrojanDownloader.Ani.Gen).

But if you look closer you’ll see the exploit is not really from the visited site … it’s from a JavaScript injected into the bottom of the page, along with two other IFrame exploits! … ouch! Now the sites I circled in red were already included in the HOSTS file. The JavaScript decodes to a page on codecsoft(dot)net.

As I mentioned above, even legit sites have been hacked and these types of exploits are injected. A good example of this is a site Sandi blogged about on April 4th, and it is still hacked! … Unbelievable, because this is a major hardware (motherboard) site … asus(dot)com(dot)tw … looks like their IT/Security people are (still) not very aware of what is going on!
