Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Chinese Internet Security Response Team Reports ANI Worm InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Chinese Internet Security Response Team Reports ANI Worm

Published: 2007-03-31
Last Updated: 2007-03-31 21:15:01 UTC
by Kevin Liston (Version: 1)
0 comment(s)
The Chinese Internet Security Response Team reports the detection of an worm-like payload installed using the ANI-exploit.  According to their report:

"It has the same behavior as Worm.Win32.Fujacks. It also can infects .HTML .ASPX .HTM .PHP .JSP .ASP and .EXE files, and inserts the malicious links which contained Windows Animated Cursor Handling zero-day vulnerability into .HTML .ASPX .HTM .PHP .JSP .ASP files. It also can send out Chinese spams which are include the same zero-day vulnerability link."

They recommend that the following domains be blocked to contain this particular variant:
2007ip.com
microfsot.com
Keywords:
0 comment(s)
Diary Archives