March 30, 2007 2:28 PM PDT

Attackers exploit zero-day Windows flaw

A zero-day exploit that takes advantage of a vulnerability in the Windows cursor could be spreading rapidly.

The hole in the Windows animated cursor, which was flagged in a Microsoft advisory Thursday, has moved from a targeted attack to one that is widespread, said Johannes Ullrich, chief research officer for the SANS Institute, which also issued an advisory.

Attackers also on Thursday launched a Trojan spam that dupes users into thinking it's an IE 7 beta, according to a SANS advisory. The Trojan uses the same file name as Microsoft's legitimate IE 7 betas, making detection more difficult, Ullrich noted.

"Antivirus software was initially pretty useless in combating it," Ullrich said. "It was spammed out quickly and probably used an existing spam network."

He noted, however, that users have to click on a link to have their systems affected, so it is less of a threat than the Windows animated cursor flaw, which is a zero-day: a security hole that has been publicly disclosed but not fixed.

"With the (animated cursor), you don't have to click on a link to get it to launch," Ullrich said. "You just have to open a malicious e-mail or go to a malicious Web site."

Several dozen Web sites have become infected with the exploit in the past day, and Microsoft has yet to issue a patch, he added.

Join the conversation!
Message to Windows Users: You Ain't Safe Here.
...but I'm only repeating what's been true for a very long time now...

Posted by Penguinisto (5042 comments )
I'll take my chances.
I've been a Windows user since 3.0. In fact my 1st PC was a MS DOS. In the 20+ years, I have caught one, and only one bug that caused me to have to reformat. I decided then to purchase AV software. I've caught other bugs that slowed me down but the overwhelming majority were easily removed. Today, MS has a malicious software removal kit. All one has to do is to go to MS and run the thing. Easy and kills all the bugs, even the bug mentioned in the article.
Posted by suyts (824 comments )
There is another side of the story: the reason Macs have few viruses is that nobody really cares for the 3-4% of the computer users who worship their machine brand and have apparently nothing else to do but to jump on any MS related forum to try to convince people they are the smart ones.
Posted by Repère (14 comments )
What computer doesn't have exploits?
Sure Windows does have a ton more vulnerabilities than the Mac but Microsoft has come a long way in improving Vista. Not to mention it comes bundled with more security appz, dedicated in solving this neverending WINDOW's PROBLEM.

I also believe they should admit defeat and adopt a more stable kernel like the Mach Unix kernel which Apple has adapted for OS X. NT is kind of showing its age and I can't believe they're using NT AGAIN in Vista and calling it revolutionary. They have this beautiful OS X like interface running over an 11 year old kernel which time and again has proven to be less useful as the years go by.

Sadly though it's all in vain, as this will probably take them even longer to implement now, more than ever, as they are entrenched in supporting all the PC vendors, developers & consumers they've managed to accumulate over these years, still supporting NT.

In the long run, Apple will probably do another leap frog again making it even harder for Microsoft to catch up.

Aww maybe not that long, say another 5 years, maybe?
Posted by ServedUp (413 comments )
What computer doesn't have exploits indeed.
No, Windows does not have tons more vulnerabilities than the Mac OS. The Mac OS has just as many as is being proved monthly by the thirty days list of vulnerabilities, one per day for a month, that a couple of hackers have been revealing. Apple has acknowledged the validity of every one of the revealed vulnerabilities and has been issuing patches for them. Microsoft still has plenty of course, but it is improving to the extent that it could skip its last second Tuesday in the month patch day.

NT is getting long in the tooth, but much of it was rewritten for Vista, particularly for security purposes. It is a viable OS and there is no reason to dump it. Apple dumped its old OS because it had no choice. It was falling behind in what it could do compared to Windows. Apple tried to fix it but gave up and brought Jobs back along with his NeXT Unix-based OS. Does it lack the vulnerabilities of Windows? Again, no it doesn't. Jobs would be the last to claim that it does.

Mac users still benefit from its low marketing share in that it offers comparatively little prospect for profit to hackers. That profit aspect is what drives hacking now. Bedroom hackers seeing how much mischievous damage they can wreak is rapidly becoming a thing of the past. We now have criminal gangs doing the hacking to steal personal information to allow access to credit card and banking information. Since 90% of the world-wide computer market belongs to Windows, it is Windows that the hackers go after.

There is not a security researcher out there who believes the nonsense that the Mac OS is a better OS and therefore less vulnerable to hacking. Anything and everything out there can be and is being hacked, OSes, applications, browsers (including Safari). You have only to note the numerous security patches Apple has released recently to see the reality.
Posted by gmcaloon--2008 (72 comments )
No computer has exploits...
The exploits are ALL in the Operating System... (* GRIN *)

Posted by wbenton (522 comments )
Users have to click?
Users have to CLICK? What kind of exploit is that? I understand it's a hidden effect of clicking... but that isn't some mouseover or onload deal.
Posted by timber2005 (720 comments )
It's Still an Exploit
Considering that the bulk of people that use Windows aren't terribly in-tune with tech and software to begin with, it's a very legitimate exploit.

Joe Shmoe, and I've said this so many times, doesn't care about security enough to know NOT to click a link unless they're educated enough to know better.

My mother used to just click on anything before I started talking to her about what she could get herself into. Now she's a bit more careful. My niece used to want to click anything that looked 'cute' but doesn't anymore - she just turns off the computer if she doesn't like what pops up on her screen.

I'm quite sure the more tech savvy people have seen the kind of careless behavior I'm talking about in just about anyone they know or work with.

The fact of the matter is that it takes just a simple intuitive engineering attack to make people click a link that ultimately leads to a compromised machine.

It doesn't have to be fully automated nowadays. That definition ended a couple years ago.
Posted by `WarpKat (275 comments )
calling all open source personnel
Now hear this, Microsoft says jump off a cliff. Wow, that's all it takes to get rid of these fools. Microsoft users are nothing but followers. They are not innovators.
have a nice day muckasoft users and losers. Mu ha ha ha ha ha ha ha
Posted by stecha (8 comments )
Specifics, please?
Does the exploit require scripting or Java? Active X? Does reading e-mail as text only defeat the attack? Preview screen?
Posted by Phillep_H (497 comments )
Nice One hackers... (* ROFLOL *)
Microsoft MUST verify whether the threat is real or not. They don't move until there is an imminent threat already occurring in at least several places.

What better way to get Microsoft to openly acknowledge such than place the code on the internet for others to exploit so that they can exploit Microsoft's lack of desire to FIX the problem.


A few more instances like this and Microsoft may just eat out of their hands... (* ROFLOL *)

Don't ya just luv it when a plan comes together? (* ROFLOL *)

Posted by wbenton (522 comments )
