Zero-day ANI exploit creates problems for Windows users

F-Secure corporation warns computer users of the recently discovered Windows Animated Cursor Handling vulnerability, also known as the ANI exploit. The exploit was first discovered on Friday. It is related to the cursor animation files used by Windows.

Over the weekend the amount of attacks using this exploit have intensified. Majority of the attacks have been traced back to different Chinese hacker groups.

Microsoft has not yet released a patch against the vulnerability. For now, the best way for end users to protect themselves is to use an antivirus product to block the malicious ANI files.

"We’ve seen a lot of activity relating to the ANI exploit during the weekend", says Mikko Hypponen, the Chief Research Officer at F-Secure. "This vulnerability is really tempting for the bad guys. It's easy to modify the exploit, and it can be launched via web or email fairly easily. We hope to see Microsoft release a patch for this exploit very soon."

Most of the activity around the ANI exploit has been via dozens of malicious websites that will attack the user if he visits the page with the most common versions of Internet Explorer. However, on Sunday the first worm using this exploit to spread was found.

F-Secure's security products detect and block the known versions of the ANI exploits and worms.

About F-Secure Corporation
F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. We want to be the most reliable provider of security services in the market. One way to demonstrate this is the speed of our response. According to independent studies in 2004, 2005 and 2006 our response time to new threats is significantly faster than our major competitors. Our award-winning solutions are available for workstations, gateways, servers and mobile phones. They include antivirus and desktop firewall with intrusion prevention, antispam and antispyware solutions. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999, and has been consistently growing faster than all its publicly listed competitors. F-Secure headquarters are in Helsinki, Finland, and we have regional offices around the world. F-Secure protection is also available as a service through major ISPs, such as Deutsche Telekom, France Telecom, PCCW and Charter Communications. F-Secure is the global market leader in mobile phone protection provided through mobile operators, such as T-Mobile and Swisscom and mobile handset manufacturers such as Nokia. The latest real-time virus threat scenario news are available at the F-Secure Data Security Lab weblog at http://www.f-secure.com/weblog/