2 April 2007
Animated cursor worm proactively stopped by Sophos
Microsoft to release out-of-cycle patch against zero day vulnerability

The critical vulnerability in Microsoft's software has been exploited by an in-the-wild worm
Sophos, a world leader in IT security and control, has proactively protected users against a new worm which exploits a zero day vulnerability in the way that Microsoft Windows handles animated cursors (.ANI files).
The worm, which Sophos proactively detects using Behavioral Genotype® Protection as Mal/Behav-010 without requiring an update, infects executable and HTML files.
Sophos's Behavioral Genotype Protection has been developed by the experts at SophosLabs™, Sophos's global network of research and development centers. Unlike competing products, which monitor running code and intercept suspicious behavior once it has occurred, Sophos's HIPS technology completely prevents malware from executing, identifying it at the gateway, on fileservers and at the endpoint. The malicious code is intercepted before it can cause any harm.
Microsoft has announced that it plans to issue an out-of-cycle security update on Tuesday 3 April to address the critical vulnerability in its code.
"Normally Microsoft releases security patches on the second Tuesday of the month. Clearly the danger that the ANI vulnerability represents has encouraged them to release a patch as quickly as possible, which is good news for vulnerable internet users," said Graham Cluley, senior technology consultant for Sophos. "The fact that a worm has been seen in-the-wild exploiting the Microsoft security bug has raised the stakes over the weekend. Proactive protection has ensured that Sophos customers are not at risk from this viral attack."
Microsoft has published an advisory on its website which discusses the vulnerability.
Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart spam, spyware and malware threats.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

