IT security and control firm Sophos has urged computer users to
patch their computers against a vulnerability in the way Microsoft
Windows handles animated cursors as hackers exploit the problem by
using pictures of pop star Britney Spears.
Emails spammed out by hackers are directing internet users to
hacked PHP websites with the promise of candid pictures of the
troubled singer. PHP, a scripting language used by many websites,
has suffered from serious security vulnerabilities in the past.
On 30 March the initial campaign began, with just a link to a
Russian website. The site contained the Troj/Iffy-A Trojan horse
that pointed at another piece of malware which contained a zero-day
exploit of Microsoft's animated cursor (ANI) vulnerability. Sophos
detects this malicious code as Troj/Animoo-L.
At this stage the emails contained no graphics, but cycled their
subject lines in an attempt to avoid detection as the following
short example of the timeline demonstrates:
2007/03/30 14:21:10 birtney psears nakde
2007/03/30 14:26:58 birtney speasr nkaed
2007/03/30 14:34:04 britnye speras anked
2007/03/30 14:39:20 briteny psears nkaed
2007/03/30 14:40:15 britnye speasr nkaed
2007/03/30 14:40:23 rbitney spaers nakde
2007/03/30 14:40:24 rbitney speras anked
2007/03/30 14:42:48 rbitney speasr nkaed
2007/03/30 14:42:58 britnye speras nkaed
2007/03/30 14:44:16 birtney speasr nkaed
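
Added example (not part of the Sophos release): every subject line in the timeline above is a letter-shuffle of the same three words, so a filter can compare sorted-letter signatures instead of exact strings. The watch-list, threshold and function names are assumptions made for this illustration.

```python
from collections import Counter

# Constructed sample: the subject lines copied from the timeline above.
SUBJECTS = [
    "birtney psears nakde", "birtney speasr nkaed", "britnye speras anked",
    "briteny psears nkaed", "britnye speasr nkaed", "rbitney spaers nakde",
    "rbitney speras anked", "rbitney speasr nkaed", "britnye speras nkaed",
    "birtney speasr nkaed",
]

# Assumed watch-list for this example; a real filter would load its own terms.
WATCHLIST = ("britney", "spears", "naked")


def signature(word):
    """Order-independent fingerprint: the word's letters, lowercased and sorted."""
    return "".join(sorted(word.lower()))


WATCH_SIGNATURES = {signature(w): w for w in WATCHLIST}


def normalise(subject):
    """Map each scrambled token back to its watch-list word; keep other tokens."""
    return [WATCH_SIGNATURES.get(signature(t), t) for t in subject.split()]


def is_campaign_subject(subject, min_hits=2):
    """Flag a subject when at least min_hits tokens are shuffled watch-list words.

    Requiring two hits limits false positives from innocent anagrams
    (for example, "sparse" has the same signature as "spears").
    """
    hits = sum(1 for t in subject.split() if signature(t) in WATCH_SIGNATURES)
    return hits >= min_hits


def cluster(subjects):
    """Count subjects by normalised form, exposing one campaign behind many variants."""
    return Counter(" ".join(normalise(s)) for s in subjects)


if __name__ == "__main__":
    for s in SUBJECTS:
        print(is_campaign_subject(s), s, "->", " ".join(normalise(s)))
    print(cluster(SUBJECTS))
```

Exact-match rules would treat the nine distinct strings here as unrelated messages; the signature view collapses them into a single cluster.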
Since the initial campaign, the hackers' attack has evolved. In
the last few days spammed email messages with subject lines such as
"Hot pictures of Britiney Speers" have contained an embedded image
of the scantily clad pop star which links to a number of websites
which have had the animated cursor exploit planted on them by
[Image caption: Hackers trying to infect computers using Microsoft's
animated cursor vulnerability are using pictures of Britney Spears to
lure users to dangerous websites.]
"The message is simple: you must patch your computers against
this vulnerability now or risk infection. Hackers are exploiting
people's tardiness in rolling out updates and looking to infect as
many PCs as they can," said Graham Cluley, senior
technology consultant for Sophos. "Microsoft issued a patch
for the problem yesterday, but the hackers will continue to
take advantage of the critical security loophole for as long as
Sophos's gateway security
solutions detected the spam email messages without requiring an
update, and the Sophos Web Security
Appliance blocks users from visiting the websites hosting the
Home users of Microsoft Windows can visit update.microsoft.com to have their systems scanned for
Microsoft security vulnerabilities.
Sophos suggests that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.
Sophos experts note that this is far from the
first time that Britney Spears has been used as bait in an
attempt to trick innocent computer users into viral infection. The
promise of glimpses of pin-ups like Halle Roberts, Angelina Jolie
and Brad Pitt, Jennifer Lopez, or the stars of 'Sex and the City'
have previously been used to help viruses spread.
Sophos continues to recommend companies protect their desktops
and servers with automatically updated
protection against viruses, spyware, and spam.