The new virus, originally reported last week, exploits a vulnerability in how Microsoft operating systems, including Vista as well as previous versions of Windows, handle animated cursor (.ANI) files. The attack vector can be either a Web page or e-mail message containing the malicious code.
Microsoft had originally planned to release the patch next Tuesday as part of its regular monthly release of security bulletins, but decided to release the update ahead of schedule because it has become "aware of the existence of a public attack utilizing the vulnerability," the spokesperson said in an e-mail.
The spokesman added that "Microsoft's monitoring of attack data continues to indicate that the attacks and customer impact is limited."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i But according to Ken Dunham, director of the rapid response team at iDefense Verisign intelligence operations, exploitation of the vulnerability took off over the weekend. "The new ANI exploit will be a long-term persistent threat, one of the most significant we've seen in the past three years," he wrote in an e-mail.
According to Dunham, hacker log files and payloads indicate that many of the original attacks, mainly out of China, are focused on the theft of role-playing game credentials. "Real hackers are making real money in a virtual world," he wrote.