Software // Enterprise Applications
News
4/12/2007
12:25 PM
Connect Directly
RSS
E-Mail
50%
50%

New Windows .ANI Attacks Promise Pix Of Paris Hilton And Porn Stars

Exploits of the .ANI bug are surging as Russian organized crime teases users with promises of photos of Paris Hilton and a porn star.

Elements of Russian organized crime have taken the lead in exploiting Microsoft's .ANI bug, and the hackers are trying to lure users to malicious Web sites with new promises of nude pictures of celebrities like Paris Hilton and porn star Jenna Jameson.

The lures are being spammed out by the same underground hackers group that last week used a similar ploy with promises of pictures of a a naked Britney Spears, according to Sophos, Inc., a security company with U.S. headquarters in Burlington, Mass.

The spammed out e-mail messages have subject lines like, "Hot pictures of Paris Hilton nude" and contain an embedded image, not of the hotel heiress who is famous for being famous, but of porn star Jenna Jameson. If users click on the image in the e-mail, the link takes them to a Web site containing the Iffy-B Trojan, which then points the user's computer to another piece of malware that tries to exploit the Microsoft vulnerability.

"The problem is that consumers and businesses may not yet have patched themselves against this vulnerability, and clicking on unsolicited e-mails like these could lead them to a nasty malware infection," said Graham Cluley, senior technology consultant for Sophos, in a written statement.

Microsoft released an emergency patch for the .ANI bug last week. Security professionals, though, are concerned that users who are slow to patch will become new victims as attacks on the vulnerability continue to surge. Dan Hubbard, VP of security company Websense, said in an interview that the patch hasn't slowed the creation of new exploits. They're still coming online at an alarming rate.

"We're seeing a little over 2,000 sites that have exploits or point to exploit code in one way or anther," said Hubbard, who last week reported that there were 700 malicious sites online. "The patch definitely helped. It went from 100% of people with Internet Explorer being vulnerable to a smaller subset. It didn't slow the attacks. It just made their success rate lower."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.