Cursor vulnerability complex worm appears Vista OS exposes first photocopy a major loophole _it industry
Source: Internet
Author: User
Compound worm with cursor vulnerability exposed first photocopy a major flaw in Vista OS
March 30, Microsoft Vista operating system exposure first photocopy a major loophole. Yesterday, rising anti-virus experts found that the vulnerability has begun to be exploited by hackers, using Windows Vista and XP users, access to the poison site will be Sunway virus, theft Trojan Horse (Trojan killing software download) and many other viral infections. According to monitoring, there are nearly 10 sites in the country have been hacked.
Earlier, Microsoft had issued a warning that attackers were actively exploiting an ANI vulnerability in the Windows animated cursor (.) file. This vulnerability will affect Windows XP above operating systems and browsers above IE6, and Microsoft's newest Vista and IE7 are not spared. Microsoft has not yet released a patch for this vulnerability.
According to the rising security experts, ANI files are Windows mouse dynamic cursor files, because Vista and other systems in the processing of ANI files in the way there are loopholes, hackers can construct a special form of ANI files, when users browse the Web page containing the file, Or click on the file will automatically download the running hacker designated virus, Trojan and backdoor procedures and so on. Sunway (worm.viking) variants and Trojan viruses that steal online games are the majority of viruses that exploit this vulnerability.
This is the first time the Vista system exposed a major loophole, the number of sites that use this vulnerability to spread viruses is increasing, and the attack code is likely to be exposed.
Security experts remind ordinary netizens not to easily landing unfamiliar websites, especially through e-mail, chat software sent to the unfamiliar web site. Site administrators, should strengthen their own server log management, in particular, to pay attention to the unknown source of ANI and JPG format picture files, as soon as the abnormal processing.
A very bad news to tell you that the use of Microsoft Animation Cursor vulnerability of the new worm has appeared. We have received the relevant samples, through analysis, we have confirmed that this is a complex worm that contains features like panda incense infection, the ability to download other viruses, the ability to send messages containing the latest, ANI vulnerabilities, HTML and other files, and add the latest vulnerabilities to these files. Because the risk is very high, CISRT Lab decided to release the moderate risk warning again, to remind the majority of netizens to increase vigilance!
At the same time we recommend the vast number of netizens, enterprise network management to the following two domain names and IP shielding:
2007ip.com
Microfsot.com
61.153.247.76
The worm is about 13K in size, releasing files to the following directory:
From:i_lov E_cq@sohu. Com
Subject: Who were you filmed with the video? I'll give you a laugh!
Body:
Look at your demo! I think you are famous!
You see this address! Your face is so clear! You've become a star!
HTTP://MACR.MICR of Sot.com/<remove d>/134952.htm
Infection. Html. ASPX. Htm. Php. Jsp. ASP and. EXE file, and to. Html. ASPX. Htm. Php. Jsp. The following code is implanted in the ASP file:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
