http://www.cisrt.org/enblog/index.php en-US http://www.cisrt.org/enblog/read.php? smallmo <smallmo@cisrt.com> Sat, 31 Mar 2007 10:45:57 +0000 http://www.cisrt.org/enblog/read.php? Windows Animated Cursor Handling zero-day vulnerability has been used by malwares in China now. We have received this kind of new worm today. It has the same behavior as Worm.Win32.Fujacks. It also can infects .HTML .ASPX .HTM .PHP .JSP .ASP and .EXE files, and inserts the malicious links which contained Windows Animated Cursor Handling zero-day vulnerability into .HTML .ASPX .HTM .PHP .JSP .ASP files. It also can send out Chinese spams which are include the same zero-day vulnerability link.

And the author is updating the variants now. We have received different sizes and MD5 hashes. The worm can be downloaded from the following domains, we suggest all users should block now.
............

Tags - trojan-downloader.win32.agent.bky , w32.fubalca , macr.microfsot.com , a.2007ip.com , vulnerability , .ani , microsoft ]]> http://www.cisrt.org/enblog/read.php?#blogcomment <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://www.cisrt.org/enblog/read.php?#blogcomment