Exploit-ANIfile.c

Type: Trojan
SubType: Exploit
Discovery Date: 03/28/2007
Length: varies
Minimum DAT: 4995 (03/29/2007)
Updated DAT: 5161 (11/12/2007)
Minimum Engine: 5.1.00
Description Added: 03/28/2007
Description Modified: 03/30/2007 3:51 PM (PT)
Risk Assessment: Corporate User - Low; Home User - Low

Characteristics

This detection covers ANI files that attempt to exploit a recent ANI file format handling vulnerability. AVERT has confirmed that the exploit affects at least systems running Microsoft Internet Explorer 6 & 7 on Windows XP SP2. Systems running Windows XP SP1 and Windows XP SP0 do not seem vulnerable to this exploit.

These malicious ANI files may be hosted by websites, which when visited can result in silent execution of arbitrary code. One such sample silently downloaded a new downloader trojan, Downloader-BBH.
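The detection described above is a file-format check: ANI files are RIFF containers of form type ACON, whose chunks declare their own sizes, so a defender can validate the container structure before a cursor ever reaches the operating system's parser. The following is an added example, not McAfee's or AVERT's own detection logic, of a structural sanity check that walks the RIFF chunk tree and reports chunks whose declared sizes are inconsistent with the file or with the documented 36-byte anih header. The sample files are constructed inline; the helper names and the specific findings it reports are this example's own choices, not a description of the underlying vulnerability.

```python
import struct

ANIHEADER_SIZE = 36  # documented size of the ANIHEADER structure (nine DWORD fields)


def _chunks(data, start, end):
    """Walk RIFF chunks in data[start:end]; yield (fourcc, payload_offset, declared_size)."""
    pos = start
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        yield fourcc, pos + 8, size
        pos += 8 + size + (size & 1)  # RIFF chunks are padded to even length


def check_ani(data):
    """Return a list of structural findings; an empty list means the container is self-consistent."""
    findings = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON container"]
    riff_size = struct.unpack_from("<I", data, 4)[0]
    if riff_size > len(data) - 8:
        findings.append(f"RIFF size {riff_size} exceeds file length {len(data) - 8}")
    anih_count = 0
    # Each stack entry is a (start, end) byte range holding a sequence of chunks.
    stack = [(12, min(len(data), 8 + riff_size))]
    while stack:
        start, end = stack.pop()
        for fourcc, off, size in _chunks(data, start, end):
            if off + size > end:
                findings.append(
                    f"chunk {fourcc!r} at {off - 8} declares {size} bytes but only {end - off} remain")
                break
            if fourcc == b"LIST":
                stack.append((off + 4, off + size))  # skip the 4-byte list type, descend
            elif fourcc == b"anih":
                anih_count += 1
                if size != ANIHEADER_SIZE:
                    findings.append(f"anih chunk size {size} != {ANIHEADER_SIZE}")
    if anih_count != 1:
        findings.append(f"expected exactly one anih chunk, found {anih_count}")
    return findings


def _chunk(fourcc, payload):
    """Encode one RIFF chunk with its size field and even-length padding."""
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def build_ani(anih_payload):
    """Constructed sample: an ACON container with one anih chunk and one dummy frame."""
    frames = _chunk(b"LIST", b"fram" + _chunk(b"icon", b"\0" * 16))
    body = b"ACON" + _chunk(b"anih", anih_payload) + frames
    return b"RIFF" + struct.pack("<I", len(body)) + body


# Constructed samples: a well-formed header and one whose anih size disagrees with the structure.
GOOD_ANI = build_ani(struct.pack("<9I", 36, 1, 1, 0, 0, 0, 0, 10, 1))
BAD_ANI_OVERSIZED = build_ani(b"\0" * 64)

if __name__ == "__main__":
    for name, sample in (("good", GOOD_ANI), ("oversized anih", BAD_ANI_OVERSIZED),
                         ("truncated", GOOD_ANI[:40])):
        print(name, check_ani(sample) or "ok")
```

A check like this belongs at a mail gateway or web proxy, where a cursor file that fails it can be quarantined before a browser renders the page that references it; the structural rules are the format's own, so the check does not depend on a signature for any particular sample.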

Symptoms

This exploit runs silently without showing any obvious symptoms.

This exploit is simply a transport mechanism for other malicious code; the payload is whatever the attacker chooses to include.

Method of Infection

Malicious code can be delivered via a web page or email message.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

This detection covers ANI files that attempt to exploit a recent ANI file format handling vulnerability. AVERT has confirmed that the exploit affects at least systems running Microsoft Internet Explorer 6 & 7 on Windows XP SP2.

Aliases

  • TROJ_ANICMOO.AX (Trend Micro)