The .ANImated Trojan
Saturday, March 31, 2007, 4:21
Like those animated cursors? You know, the ones that embellish the normal mouse arrow pointers and are available on the Internet? Be careful when downloading and installing these on your systems, as a new Web threat has recently been detected posing as one.
TrendLabs has recently detected TROJ_ANICMOO.AX, a Trojan that arrives as a specially crafted .ANI file — yes, the same file format used by these “tricked out” cursors — and takes advantage of a newly discovered vulnerability in the way Windows handles animated cursors. Once it successfully exploits this vulnerability, TROJ_ANICMOO.AX downloads another Trojan from the URL http://220.71.{BLOCKED}.189/wincf.exe. The downloaded malware is detected as TROJ_SMALL.DRF.
Note that this malicious .ANI file may arrive as a file downloaded from the Internet by unsuspecting users. It may also be downloaded by HTML embedded in email messages. The Trojan runs only on Windows XP.
As of this writing, Microsoft has yet to release a security [...]
Original post by Eric Avena